Expoint - all jobs in one place

The place where the best experts and companies meet


PayPal Information Security Engineer 
United States, Arizona, Scottsdale 
295053416

20.03.2025

What you need to know about the role: This role focuses on managing Hardware Security Modules (HSMs), Certificate Authorities (CAs), and automating Certificate Lifecycle Management (CLM).


Job Description:

This role manages critical CA infrastructure that all applications and clients rely on.

  • Enhance security posture: Proper HSM and CA management, combined with automated CLM and CRL publishing, strengthens the overall security posture by protecting sensitive keys and ensuring timely revocation of compromised certificates.

  • Increase efficiency: Automation and scripting will streamline certificate lifecycle processes, reducing manual effort and potential for human error.

  • Improve compliance: Adherence to best practices in PKI, HSM management, and CLM helps meet regulatory and compliance requirements.

  • Reduce operational costs: Automation can lower costs associated with manual certificate management.

  • Provide better visibility and control: Centralized CLM provides a clearer overview of certificate inventory and simplifies management tasks.

Your day to day:

In your day-to-day role you will handle:

  • HSM Administration:

    • Monitoring HSM health and performance.

    • Managing HSM access controls and user permissions.

    • Applying firmware updates and security patches.

    • Performing key backups and recovery operations.

    • Troubleshooting HSM issues.

  • CA Administration:

    • Issuing and revoking certificates.

    • Monitoring CA health and performance.

    • Managing CA configurations and policies.

    • Responding to certificate requests.

    • Publishing CRLs.

  • CLM Automation:

    • Developing and maintaining scripts for automating certificate lifecycle processes (issuance, renewal, revocation).

    • Integrating CLM tools with other systems.

    • Monitoring and troubleshooting automation workflows.

  • Incident Response:

    • Investigating and responding to security incidents related to certificates and HSMs.

  • Collaboration and Communication:

    • Working with other teams to integrate certificate services.

    • Documenting processes and procedures.

    • Participating in security audits.

What do you need to bring:

  • Bachelor’s degree in computer science or related discipline, preferably with an Information Security major or significant focus and 6+ years related industry experience.

  • Deep understanding of PKI (Public Key Infrastructure) principles, including certificate formats, key management, digital signatures, and the certificate lifecycle.

  • Hands-on experience managing and administering HSMs, including tasks like key generation, backup/restore, applying firmware upgrades, security patching, and troubleshooting.

  • Practical experience with EJBCA/similar CA administration skills, certificate issuance/revocation, and policy management.

  • Strong scripting/programming skills (e.g., Go, Python, Bash) and experience automating tasks related to certificate management.

  • A collaborative approach to working with other teams and a focus on automation and efficiency.

  • The ability to diagnose and resolve complex issues related to PKI, HSMs, and certificate management.

  • A strong understanding of security best practices and a commitment to protecting sensitive cryptographic assets.

  • The ability to clearly explain technical concepts to both technical and non-technical audiences.

  • We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.

Our Benefits:

Any general requests for consideration of your skills, please