MTS 1, Information Security Engineer

The Company PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers. We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade. Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities. Job Description Summary: We are seeking an experienced Senior Edge Security DevOps Engineer with specialization in Bot manager solutions, Web Application Firewalls (WAF), DDoS assessments, and log analysis using SIEM tools such as Splunk and Datadog. The ideal candidate should also have strong development skills in Node.js, Java & python, cyber security expertise, cloud security proficiency, operational acumen, a solid understanding of TCP/IP networking, and proficiency in testing for OWASP Top 10 vulnerabilities. This role involves architecting, implementing, and maintaining security solutions to protect our edge and cloud infrastructure, leveraging platforms such as Fastly, Edgio, Cloudflare, F5 Silverline, Radware & Datadome. Job Description: Key Responsibilities: Security Solutions Implementation and Management: Bot Management: Deploy, configure, and manage Bot management/protection solutions to defend web applications against malicious bot traffic. WAF Configuration: Implement and maintain Web Application Firewall (WAF) solutions using platforms such as Fastly, Edgio, Cloudflare, and F5 Silverline to protect against common web threats. Run automated scans using tools like GoTestWAF, nuclei to evaluate WAF efficiency. DDoS Mitigation: Develop and implement comprehensive DDoS mitigation strategies. Conduct regular DDoS assessments to evaluate the effectiveness of current defences and update them as needed. CI/CD Pipeline Security: Integration: Embed security best practices, tools, and processes into the continuous integration and continuous deployment (CI/CD) pipelines. Automation: Develop scripts and automation tools to enforce security policies across development, testing, and production environments. Log Analysis and Monitoring: SIEM Utilization: Analyse logs using Security Information and Event Management (SIEM) tools such as Splunk and Datadog to identify and respond to security incidents. Implement and manage log aggregation and monitoring solutions. Incident Response: Lead incident response efforts, providing root cause analysis, forensics, and remediation. Development and Coding: Node.js, Java & python: Develop and maintain tools, scripts, and applications in Node.js, Java & python to support security operations and streamline security workflows. Secure Coding Practices: Conduct secure code reviews, ensure adherence to security standards, and collaborate with development teams to remediate identified vulnerabilities. Testing for Vulnerabilities: OWASP Top 10: Perform security testing for OWASP Top 10 vulnerabilities using automated and manual testing methods. Ensure identified vulnerabilities are remediated in a timely manner. Proficiency with web application security testing tools like OWASP ZAP (Zed Attack Proxy), Burp suite, Arachni, Nikto etc., Cyber Security: Threat Analysis: Conduct thorough cyber security threat analysis and implement mitigation strategies to protect the organization’s assets. Policy Development: Develop and enforce cyber security policies, standards, and best practices to ensure a secure operating environment. Risk Management: Perform regular cyber security risk assessments and develop comprehensive risk management strategies. Cloud Security: Cloud Platforms: Leverage cloud security best practices to protect services hosted on AWS, Azure, and GCP. Ensure secure configurations, access controls, and monitoring are in place. IAM: Manage identity and access management (IAM) policies to enforce least privilege and secure access to cloud resources. Networking Expertise: TCP/IP Networking: Apply a solid understanding of TCP/IP networking principles to design, implement, and troubleshoot secure network configurations and protocols. Collaboration and Compliance: Team Collaboration: Work closely with development, operations, network, and security teams to ensure cohesive and comprehensive security measures. Communication Channels: Utilize various communication channels effectively, including meetings, emails, Slack, and MS Teams, to collaborate efficiently with team members and other stakeholders. Compliance: Ensure alignment with industry standards and regulatory requirements such as GDPR, HIPAA, and PCI-DSS. Participate in compliance audits and risk assessments. Training and Mentorship: Education: Provide guidance and training to junior team members and other stakeholders on best practices for edge and cloud security, including the use and management of WAF, DDoS protection, and bot management products. Preferred Qualifications: Experience: 8 years of experience in a DevOps/SecOps role with a strong focus on edge and cloud security, WAF products (Fastly, Edgio, Cloudflare, F5 Silverline), DDoS protection, bot management, and vulnerability assessment. Technical Skills: Proficiency in maintaining and securing edge and cloud environments. Strong development skills in Node.js and Java. Experience with CI/CD tools such as Jenkins, GitLab, and CircleCI. Expertise in log analysis and monitoring using SIEM tools like Splunk and Datadog. Proficiency in testing for OWASP Top 10 vulnerabilities and mitigating identified risks and running web application security testing tools. Solid understanding of TCP/IP networking, network security principles, firewalls, IDS/IPS, and secure communication protocols Familiarity with cloud security best practices and secure configurations on AWS, Azure, and GCP. Knowledge of container orchestration (Kubernetes, Docker) and container security. Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field. Relevant certifications such as CISSP, CEH, SANS GPEN, GXPN, SANS GIAC AWS Security, OSCP, or similar are highly desired. Soft Skills: Problem-Solving: Excellent analytical and problem-solving skills. Communication: Strong communication and collaboration abilities. Leadership: Proven leadership and mentorship capabilities. Team Player: Strong ability to work effectively within a team environment and collaborate across various teams. Adaptability: Ability to work independently and handle multiple, complex priorities in a fast-paced environment. Workplace Model: · Hybrid (in-office three days a week). For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations. Additional Job Description: Subsidiary: PayPal Travel Percent: 0 - PayPal is committed to fair and equitable compensation practices. Actual Compensation is based on various factors including but not limited to work location, and relevant skills and experience. The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit https://www.paypalbenefits.com. The U.S. national annual pay range for this role is $84500 to $204600 For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations. Our Benefits: At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset—you. That’s why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you. We have great benefits including a flexible work environment, employee shares options, health and life insurance and more. To learn more about our benefits please visit https://www.paypalbenefits.com. Who We Are: Click Here to learn more about our culture and community. Commitment to Diversity and Inclusion PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at talentaccommodations@paypal.com. Belonging at PayPal: Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal. Any general requests for consideration of your skills, please Join our Talent Community. We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply. At PayPal we are reimagining money, democratizing financial services, and giving people more ways to safely connect to their money and to each other. We are purpose-driven and looking for people who want to join us at the forefront of the digital payments revolution. Learn more at PayPal.com/Jobs Learn more about privacy-related questions or data retention. If you would like your profile to be deleted from our system, please let us know Please note that this site has updated features that can’t run on older versions of Internet Explorer. Please use IE11 or MS Edge for an optimal experience. When applying for a job you are required to create an account, if you have already created an account - click Sign In. Creating an account will allow you to follow the progress of your applications. Our system does have some requirements that will help us process your application, below are some guidelines for creation of your account: Provide full legal First Name/Family Name – this is important for us to ensure our future hires have the right system set up. Please Capitalize first letter of your First and Last Name. Please avoid using fully capitalized text for your First and/or Last Name. NOTE: If your name is hyphenated or has multiple capitalization, please use the same format as your government ID. Please note that this site has updated features that can’t run on older versions of Internet Explorer. Please use IE11 or MS Edge for an optimal experience.

Salary : $84,500 - $204,600