Mts Information Security jobs at Paypal in United States, Scottsdale

Essential Responsibilities:

• Independently apply security best practices to enhance and optimize systems, ensuring robust protection and efficiency, while beginning to understand and align security solutions with business objectives.
• Partner with peers and internal teams to drive security initiatives, contribute to cross-functional projects, and at times co-lead efforts to strengthen security posture.
• Analyze and resolve security challenges by adapting standard processes and exploring alternative approaches to address complex threats.
• Influence the quality, efficiency, and effectiveness of the team through informed decision-making, with a potential impact on other teams.
• Collaborate with other engineers to gather and incorporate feedback, driving continuous improvements in security processes.

Expected Qualifications:

• 3+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Our Benefits:

Any general requests for consideration of your skills, please

Job Description:

This role manages Critical CA infrastructure that all applications and clients relay on.

• Enhance security posture: Proper HSM and CA management, combined with automated CLM and CRL publishing, strengthens the overall security posture by protecting sensitive keys and ensuring timely revocation of compromised certificates.

• Increase efficiency: Automation and scripting will streamline certificate lifecycle processes, reducing manual effort and potential for human error.

• Improve compliance: Adherence to best practices in PKI, HSM management, and CLM helps meet regulatory and compliance requirements.

• Reduce operational costs: Automation can lower costs associated with manual certificate management.

• Provide better visibility and control: Centralized CLM provides a clearer overview of certificate inventory and simplifies management tasks.

Your day to day:

In your day to day role you will

• HSM Administration:

  • Monitoring HSM health and performance.

  • Managing HSM access controls and user permissions.

  • Applying firmware updates and security patches.

  • Performing key backups and recovery operations.

  • Troubleshooting HSM issues.

• CA Administration:

  • Issuing and revoking certificates.

  • Monitoring CA health and performance.

  • Managing CA configurations and policies.

  • Responding to certificate requests.

  • Publishing CRLs.

• CLM Automation:

  • Developing and maintaining scripts for automating certificate lifecycle processes (issuance, renewal, revocation).

  • Integrating CLM tools with other systems.

  • Monitoring and troubleshooting automation workflows.

• Incident Response:

  • Investigating and responding to security incidents related to certificates and HSMs.

• Collaboration and Communication:

  • Working with other teams to integrate certificate services.

  • Documenting processes and procedures.

  • Participating in security audits.

What do you need to bring:

• Bachelor’s degree in computer science or related discipline, preferably with an Information Security major or significant focus and 6+ years related industry experience.

• Deep understanding of PKI of Public Key Infrastructure principles, including certificate formats, key management, digital signatures, and the certificate lifecycle.

• Hands-on experience managing and administering HSMs, including tasks like key generation, backup/restore, applying firmware upgrades, security patching, and troubleshooting.

• Practical experience with EJBCA/similar CA administration skills, certificate issuance/revocation, and policy management.

• Strongscripting/programmingskills (e.g., Go, Python, Bash) and experience automating tasks related to certificate management.

• A collaborative approach to working with other teams and a focus on automation and efficiency.

• The ability to diagnose and resolve complex issues related to PKI, HSMs, and certificate management.

• A strong understanding of security best practices and a commitment to protecting sensitive cryptographic assets.

• The ability to clearly explain technical concepts to both technical and non-technical audiences.

• We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.

Our Benefits:

Any general requests for consideration of your skills, please

Your way to impact:

• Take ownership of enhancing our security posture and protecting our infrastructure, systems, and data from cyber threats.

• Provide guidance and recommendations to cross-functional teams, assisting them in implementing effective security measures.

• Collaborate closely with teams across the PayPal, ensuring seamless security experiences and operational efficiency.

• Drive continuous improvement in security operations by identifying opportunities for process optimization, automation, and integration of security technologies.

• Assume centralized ownership of key cybersecurity applications/tools, seeing the vision and driving towards a best-in-class future state.

• Engage in incident response readiness exercises, conducting simulations and tabletop exercises to strengthen the PayPal's ability to respond swiftly and effectively to security incidents.

• Foster a culture of proactive security through knowledge sharing, training sessions, and promoting security awareness across the PayPal.

Your day-to-day:

• Monitor security alerts and events from various sources and respond promptly to security incidents, following the established incident management plan.

• Collaborate with the security teams to conduct in-depth analysis of security events and incidents, utilizing advanced threat intelligence and security tools.

• Document and track security incidents, maintaining accurate incident records and providing regular updates to stakeholders.

• Build and nurture influential partnerships with key stakeholders, acting as a conduit between cybersecurity and cross-functional teams.

• Participate in tabletop exercises and simulations to enhance the PayPal's incident response preparedness and identify areas for improvement.

• Proactively review and refine the incident management plan based on emerging threats and evolving cybersecurity landscape.

• Stay updated on industry trends, best practices, and our business strategy to enable the achievement of cybersecurity objectives.

What do you need to bring:

• Demonstrate proven experience in security incident handling and security operations.

• Possess an in-depth understanding of network protocols, systems, and infrastructure security principles.

• Exhibit proficiency in analyzing business and employee needs, recommending, and designing end-to-end security solutions.

• Display strong incident management skills, effectively managing multiple incidents and driving results.

• Stay abreast of emerging threats, vulnerabilities, and attack techniques through continuous monitoring of threat intelligence sources and participation in security communities and forums.

• Participate in cross-functional security projects and initiatives, providing security expertise and guidance to ensure the secure implementation of new technologies and systems.

• Possess excellent communication skills to collaborate with cross-functional teams and convey complex security concepts effectively.

Our Benefits:

Any general requests for consideration of your skills, please

Your day to day:

You will plan and execute red team engagements to expose vulnerabilities and evaluate the organization's defensive capabilities. You will collaborate with detection and response teams to develop purple team strategies, continuously refining offensive and defensive tactics. You will conduct in-depth security research on emerging threats, prototype new tools, and analyze zero-day exploits to stay ahead of advanced adversaries. Finally, you will prepare thorough reports for both technical and non-technical stakeholders, providing risk assessments and recommending improvements that shape the organization’s long-term security roadmap

What do you need to bring:

• Experience conducting stealth red team engagements, including lateral movement, persistence, and data exfiltration.

• Proficiency in attack automation and tool development.

• Familiarity with blue team operations and defensive security technologies (SIEMs, EDR, IDS/IPS).

• Demonstrated experience in security research and development, with published tools, papers, or exploit research a plus

Our Benefits:

Any general requests for consideration of your skills, please

Your way to impact

• Take ownership of enhancing our security posture and protecting our infrastructure, systems, and data from cyber threats.

• Lead strategic security initiatives and large-scale projects, ensuring alignment with PayPal's overall security objectives and business goals.

• Provide guidance and recommendations to cross functional teams, assisting them in implementing effective security measures.

• Drive continuous improvement in security operations by identifying opportunities for process optimization, automation, and integration of security technologies.

• Assume centralized ownership of key cybersecurity applications/tools, setting the vision and driving towards a best-in-class future state.

• Engage in incident response readiness exercises, conducting simulations and tabletop exercises to strengthen PayPal's ability to respond swiftly and effectively to security incidents.

• Collaborate closely with teams across PayPal, ensuring seamless security experiences and operational efficiency.

• Cultivate a culture of proactive security through knowledge sharing, training sessions, and promoting security awareness across PayPal.

• Mentor and develop junior team members, providing guidance on career development and technical expertise.

• Lead post incident analysis and reporting, driving improvements in incident response processes and reducing future risks.

Your day-to-day

Our Benefits:

Any general requests for consideration of your skills, please

Job Description:

Minimum Requirements: Bachelor’s degree, or foreign equivalent, in Computer Science, Engineering (any field) or a closely related field plus five years of experience in the job offered or a related occupation.

Special Skill Requirements:

1.Design large scale software system using Object-Oriented design (5 years)

2.Java (5 years)

3.Database design and development using Oracle, MySQL (5 years)

4.Rest API design and development (5 years)

5.Spring Framework (5 years)

6.Hibernate (5 years)

7.Full stack web development (5 years)

8.Expertise in Payments transaction processing (4 years)

9.Expertise in Tokenization Payments (4 years)

10.Backbone JS (4 years)

Must be legally authorized to work in the U.S. without sponsorship.

Our Benefits:

Any general requests for consideration of your skills, please

Job Description:

Minimum Requirements: Bachelor’s degree or foreign equivalent in Information Security or a related field plus seven years of experience in the job offered or a related cybersecurity occupation.

Special Skill Requirements:

1. Experience evaluating threats and using the same information to build credible and efficient detections. (3 years)
2. Experience with automation frameworks and creating robust integrations in Python (2 years)
3. Experience with general SIEM frameworks and ability to build detection in various languages like SPL, KQL and SQL (2 years)
4. Experience collecting and analyzing information whilst identifying threats in the process to create an actionable outcome through playbooks or alerting. (4 years)
5. Ability to perform threat hunting in large scale organizations using different kinds of security tools (1 year)
6. Ability to understand normal security behavioral patterns and identifying deviations around them (1 year)
7. Experience with security architecture and frameworks including their importance and challenges (3 years)

Must be legally authorized to work in the U.S. without sponsorship.

Our Benefits:

Any general requests for consideration of your skills, please