PayPal Staff Product Security Engineer 
United States, Illinois, Chicago 
556294767

27.03.2025


Your day-to-day

Responsibilities will be tailored based on business need, experience, and interest. In your day-to-day role, you will:

  • Provide consulting and advisement to software engineers on best practices, secure coding techniques, and vulnerability remediation

  • Support the development of new product features by conducting security design and code reviews, facilitating penetration tests, and contributing to threat models

  • Develop and support homegrown tooling that utilizes AI-powered large language models to scale and support product security reviews and governance

  • Implement, manage, and operate application security tools such as static and dynamic application security scanners

  • Respond to product security incidents

  • Analyze potential threats and vulnerabilities to our systems, applications, and processes

  • Collaborate closely with engineers, developers, and security teams to find security issues and mitigating controls

  • Document and automate incident response and vulnerability management runbooks

  • Stay up to date with the latest security trends, technologies, vulnerabilities, and attacks, and incorporate this knowledge into threat models and other workstreams

Essential experience & skills

  • At least 5 years of experience in a software development or cyber security discipline

  • Strong programming experience in at least one language such as Ruby, Java, Python, JavaScript, Swift. Expect to spend time writing and reviewing code.

  • Experience with any of the following application security tools: SAST, DAST, API security scanners, WAF, software composition analysis

  • Knowledge of Kubernetes, Terraform, and source code management systems such as Git.

  • Hands-on experience with at least one of the main cloud vendors (Amazon Web Services, Azure, Google Cloud Platform)

  • Experience working with developers to communicate deficiencies and implement security measures.

  • Experience in identifying and remediating common application security vulnerabilities such as OWASP Top 10 and a deep understanding of web application and mobile app vulnerabilities.

  • Excellent written and verbal communication skills.

  • Ability to work independently and as part of a team.

  • Ability to mentor and guide junior team members.

  • Strong understanding of authentication and authorization protocols, such as OAuth 2.0 and SAML.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The U.S. national annual pay range for this role is $96900 to $234300

Any general requests for consideration of your skills, please

to view the notice.