PayPal Application Security Engineer 

France, Occitania, Toulouse 

367728051

What you need to know about the role:
PayPal is looking to add a talented, smart, and engaged Application Security Engineer to the Threat Exposure Management team. This role will be focused on driving the vulnerability management lifecycle for applications developed by PayPal, Inc. You will focus on vulnerability identification methods, such as, but not limited to Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Secrets. You will be part of the team building and running the process to analyze identified vulnerabilities, apply PayPal specific prioritization, coordinate remediation with product development teams and provide leadership visibility to the associate risk.

Your day to day:

Responsibilities will be tailored based on business need, experience, and interest. In your day-to-day role, you will:

• You help drive the operational workflow around application security vulnerabilities

• You will determine the impact of vulnerabilities in our environment and communicate them to stakeholders across the company

• You will report to the Senior Manager, Threat Exposure Management and provide updates on critical vulnerabilities and overall posture

• You will collaborate across our team and key stakeholders to identify, drive and implement process improvements to reduce the time to detect and mitigate vulnerabilities and increase overall efficiency

• You will work with our internal and external service providers/vendors to resolve blockers and maintain high quality service

• You will be work with TEM/Product Security leadership to maintain the forward looking roadmap for the team, including defining and monitoring performance against Objectives and Key Results (OKRs), planning for new capabilities, evaluating vendors, and individual career development plans

• You have and encourage a passion for cybersecurity and learning through asking questions and experimenting with different approaches

• Provide consulting and advisement to software engineers on best practices, secure coding techniques, and vulnerability remediation

• Document and automate vulnerability management runbooks

• Stay up to date with the latest security trends, technologies, vulnerabilities, and attacks, and incorporate this knowledge into your day to day work

What you need to bring:

• At least 5 years of experience in an application security or software development discipline; 2+ years doing this at large enterprise scale

• Strong programming experience in at least one language such as Ruby, Java, Python, JavaScript, Swift.

• Experience with interpreting the results of application security scans, such as, but not limited to: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), API security scanners, Software Composition Analysis, Secrets scanning

• Experience working with developers to communicate deficiencies and implement security measures.

• Experience in identifying and remediating common application security vulnerabilities such as OWASP Top 10 and a deep understanding of web application and mobile app vulnerabilities, leveraging tools such as, but not limited to, GitHub Advanced Security, Blackduck, Coverity, Acunetix, Veracode

• Excellent written and verbal communication skills.

• Ability to work independently and as part of a team.

• Experience with implementing and configuring vulnerability managementplatforms/applicationsecurity posture management platforms (for example, Seemplicity, Kenna, Brinqa, Vulcan, ArmorCode)

• Excellent written and verbal communication skills.

• Familiarity with relevant financial services regulations and security standards, such as PCI-DSS and ISO27001

• Ability to operate in fast-paced environment, in a self-driven manner, taking initiative and ownership to propose improvements and solutions

• Demonstrate attention to detail, excellent analytical thinking, communication and time management skills

• Experience in working with large data sets to determine patterns and drive to key takeaways

• Ability to mentor and guide junior team members.

• Experience with at least one of the main cloud vendors is a plus (Amazon Web Services, Azure, Google Cloud Platform)

• Industry certifications (e.g., CISSP, CISM, CCSP, or equivalent) are a plus

Travel Percent:

0 Bachelors Degree or Equivalent

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The U.S. national annual pay range for this role is

$84500 to $204600

Our Benefits:

Any general requests for consideration of your skills, please