Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Jobs - SANS Internet Storm Center InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Information Security DevSecOps Engineer
Company PayPal
Location Remote/San Jose, CA
Preferred GIAC Certifications GWEB/GCLD/GPCS/GPYC/GCSA/
Travel 5%
Salary Not provided
Contact Name Irish
Contact Email irishmasms/at/
Expires 2022-06-17

Job Description

At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives. We’re a purpose-driven company, and our beliefs are the foundation of how we conduct business every day. We’re guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Collectively, these values inspire us to work together as One Team with our customers at the center of everything we do, and to take care of ourselves, each other, and the communities in which we live and work. We challenge the status quo, ask questions, and find solutions. Join us as we enable the hopes, dreams, and ambitions of millions of people around the world.

As an information security DevSecOps engineer on the PayPal Enterprise Cyber Security (ECS) team, you will be a key member of a technical and hands on security team supporting the Happy Returns and ChargeHound business units, their product offerings, and the cloud infrastructure/services used. This security engineering team is responsible for designing, deploying, implementing, automating, and operationalizing security infrastructure, platforms, and toolsets with our business units and their engineering and software development efforts to meet PayPal security outcomes and business goals. In this role you will report directly to the Head of Information Security for Happy Returns and ChargeHound and work not only with your teammates, but also cross-functionally with various teams within Happy Returns, ChargeHound, and PayPal on all things related to information security, cybersecurity, and information assurance/compliance. Due to breadth of partners, you will work with, inclusivity of ideas, perspectives, and our diversity are important values that we champion.

You will actively take part in the hands-on efforts to help protect and defend our network boundaries, keep computer, network, and cloud systems hardened against malicious activity, and provide security services that protect extremely sensitive customer information. Security Engineers work hands-on with all layers and pieces of the technology stack and actively monitor our systems for attacks and intrusions in both on-prem and cloud environments. You will use your experience to own and drive the resolution of complex security incidents, the implementation of security toolsets (as well as the automation and operationalization of these toolsets to maximize our risk management capabilities as well as or return of investment (ROI), address policy questions, and resolve security issues of a technical nature. Additionally, you will also work with our software engineers to proactively identify and fix security flaws and vulnerabilities in our product and platform. Our security engineers work on a broad set of efforts focusing on scaling and automating security infrastructure and processes. We solve user and corporate security concerns, investigate security incidents, perform security gap analysis, build and integrate systems, conduct applied research, and implement novel technologies and architecture to deal with enterprise security across a diversity of computing platforms such as mobile and cloud.

When safe to do so and as business obligations require, some travel would be expected for real world incidents, site visits, practice exercises, meetings, conferences, and the like.

Information Security (DevSecOps) Engineer

Remote, USA
San Jose, California, United States of America
Los Angeles, California, United States of America

Who we are

Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 392 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom, enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.

Job Description:

What sets this team apart:
This role is with a new, greenfield team composed of diverse individuals early in their career as well as seasoned veterans who have spent time fighting nation state actors (APTs) to helping companies restore and recover from data breaches. We are driven to learn, help each other grow personally & professionally, be inclusive, and help our business units, peers, and customers identify and manage their risks. We look forward to having you join us to round out the capabilities of our team, learn from you, and help you do the same.

Note that if you do not meet 100% of the qualifications listed, you should ignore that imposter syndrome and still seriously consider applying for the role. Studies show that you can still be considered for a role if you meet just 50% of the role’s listed requirements, with an even higher percentage if you include a cover letter.

- Drive the development, implementation, installation, and operationalization of information security toolsets, platforms, infrastructure, and services that are used to monitor and protect our team and business units. Such platforms and services could include
+ Cloud platform and native service offerings to include AWS, Heroku, Lambda, etc.
+ Single Sign On (SAML, SCIM, & OAuth)
+ Code analysis (SAST/DAST/IAST) toolsets
+ Vulnerability management (for both VM, containers, and cloud platforms).
+ Operating systems (K8s, Linux, etc.)
+ Native, commercial, and open-source cloud infrastructure monitoring toolsets
+ Log management/SIEM
+ Security monitoring & detection, sensor enrichment, and tuning solutions.
- Support the operations and management of such information security toolsets, platforms, infrastructure, and services that are used to monitor and protect our team and business units, with Key Performance Indicators (KPIs) measuring performance.
- Ensure the systems and platforms in our purview are integrated with the appropriate log management and performance monitoring capabilities, with alerting and automation in place to address issues.
- Obtain results from various security toolsets in our purview, review & prioritize findings, assist with issue/incident analysis and management. Your focus should be to automate as much of this process as possible.
- Develop the appropriate Networking as code and/or Infrastructure as code capabilities to standardize and automate the implementation, installation, and operationalization of information security toolsets, platforms, infrastructure, and services.
- Conduct technical, operational, and security/risk evaluations to identify coverage gaps in existing information security controls, corporate and production infrastructure, architecture, and processes. With your findings, propose suitable mitigations or compensating controls that address the concerns that fit the cultural and business needs of the team and organization.
- Provide security expertise and guidance to a diverse set of both technical and non-technical individuals on various engineering and business teams.
- Troubleshoot and resolve problems across a wide array of services and function areas.
- Respond to and investigate security incidents. Coordinate with leadership and PayPal’s security operations team regarding findings and mitigations.
- Work with & support our Application Security/Product Sec engineer with their efforts to secure the product offering and the cloud platforms used to deliver the offering.
- Support the business unit with various information assurance/compliance support needs, with an eye for automating and optimizing the efforts,
- Take an active, hands-on role in helping the team, business unit, and peers migrate to a truly agile, “shift left”, “DevSecOps” approach and operations to our team and group.
- Mentor other team members as requested by leadership.

Minimum Qualifications
At least 5 years of relevant industry experience in information/cybersecurity. During that time, you should have hands on, in-depth experience, with a thorough understanding of:
- Using, managing, and securing popular cloud services (SAAS, IAAS, etc.)
- Security concepts in Heroku and AWS and with the available security tools, such as Inspector, GuardDuty, Macie, Config, CloudFormation, CloudWatch, CloudTrail, Trusted Advisor, WAF etc., while also being familiar with third party alternatives (and when it is beneficial to use them).
- How to administer and effectively manage monitoring and detection systems that are UNIX, Linux, and/or BSD based that are based in AWS.
- Computer networking, routing, and protocols
- Deploying Identity and access management services including Single Sign On (SSO) frameworks and mechanisms such as OAuth, SCIM, and SAML.
- How legitimate users administer, use, and secure common consumer and enterprise network devices and systems, and how malicious actors exploit them.
- Log management and security analytics tools, including open source and commercial platforms/toolsets.
- Implementing, Integrating, and tuning network and cloud security infrastructure, applications (web and mobile), as well as security tools and platforms, and the automation to operationalize them
- Integrating security in the continuous integration, continuous delivery, and continuous deployment (CI/CD) pipeline for Networking as code and Infrastructure as code (running unit tests, running security tools, managing secrets using tools such as Vault) using configuration management and automation tools such as Jenkins, Chef, Ansible, Puppet, etc.
- The ability to monitor, evaluate, and interpret vulnerabilities/CVEs, vulnerability, risk, and security assessments, cloud platform/system/device/IDS/IPS logs, threat analysis, and malware.
- Knowledgeable about and able to apply open-source and proprietary information within the industry.
- Excellent oral and written communications skills for working with a diverse professional clientele with varying levels of technical experience. Ability to interact with internal and external customers, leadership, and co-workers both in person, virtually, and in writing.
- Ability to research highly technical topics and derive logical conclusions using well thought out processes, eliminating bias and logical fallacies.
- Ability to combine information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risk.
- Working with and in O365, or the ability & willingness to learn the platform and applications.

During your career you should have been exposed to and have an understanding of:
- Security monitoring and intrusion detection,
- Managing the information security incident lifecycle, including incident response, mitigation, forensics, after-action reporting, and mapping a path forward.
- Secure network design
- Information security architecture, mitigation of threats, and compensating controls.
- Applied cryptography and security protocols
- Penetration testing and red teaming
- Enterprise risk management programs, including internal audits, consulting engagements, information technology reviews, audit, and compliance efforts.
- Proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps systems
- Digital forensics procedures and tools, malware analysis, and reverse engineering.
- Applying statistics and other mathematical methods to data analysis.
- Implementing and working with industry standards and guidelines relevant to the role and our industry, such as ISO, ITIL, NIST, SANS, CIS, ACIPA SOC1/SOC2/SOC3, and PCI.
- Experienced in Regular Expressions (REGEX) as well as one or more languages, to include Python, Perl, Ruby, Bash, and/or Golang.
- Have a willingness and desire to learn.
- Possess and nurture a hacker mentality: Being able to visualize issues and possible solutions outside the box.
- Must be a conscientious, punctual, professional, and devoted member of our team having the highest level of ethics and core values; with the ability to safeguard sensitive, restricted, and other information deemed to have special handling and dissemination protocols.
- Strong bias for action and ownership.
- Have proven abilities to work cross functionally and delivery results, with the perspective that no project is too big or too small.
- Effective when working under pressure and good enough to make sure that rarely happens.

- Bachelor's degree, a combination of experience and/or Associates degree, or an equivalent combination of education, training, and work or volunteer experience. Note that all degrees must be from an accredited institution and in a technical discipline or significant coursework in software development, information security, risk management, or information technology is preferred.
- Having (or planning to have) information security and technology related certifications are a plus. Examples of such certifications would include:
+ Any of the AWS certifications
+ Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA).
+ PDSO DevSecOps Professional (CDP)
+ PDSO DevSecOps Expert (CDE)
+ PDSO DevSecOps Leader (CDL)
+ PDSO Container Security Expert (CCSE)
+ PDSO Threat Modelling Professional (CTMP)
+ PDSO Cloud Native Security Expert (CCNSE)
+ SANS GIAC Information Security Professional (GISP),
+ SANS GIAC Certified Web Application Defender (GWEB),
+ SANS GIAC Python Coder (GPYC),
+ SANS GIAC Public Cloud Security (GPCS),
+ SANS GIAC Continuous Monitoring Certification (GMON),
+ SANS GIAC Defensible Security Architecture (GDSA),
+ SANS GIAC Defending Advanced Threats (GDAT),
+ SANS GIAC Enterprise Vulnerability Assessor (GEVA),
+ SANS GIAC Cloud Security Automation (GCSA),
+ SANS GIAC Cloud Security Essentials (GCLD),
+ SANS GIAC Critical Controls Certification (GCCC).
Note that the ability to articulate and demonstrate skills are as or more important than the certification.