Cybersecurity Risk Engineer

Job Description Summary:

PayPal is committed to democratizing financial services for the global citizens. We are looking for a high-energy, passionate, and self-driven Cybersecurity Risk Engineer, to build and deliver capabilities and services to continuous assess our threat models and analyze impacts of the rapidly evolving global landscape. The Cybersecurity Risk Engineer will maintain the library of technical and operational risk models and will have responsibilities to partner and collaborate across multi-functional teams to gain deep insight into our dynamic environments and evolving security capabilities. Participate in strategic initiatives and influence business priorities through awareness and advocacy of trending cybersecurity threats and events.

If you are passionate about applied technical cybersecurity, and assessing & analyzing for threats to determine operational and technical risks, then come and join our ECS team by applying for this role.

 

Job Description:

Be a technical thought leader as part of PayPal’s Enterprise Cyber Security team. Bring security expertise and a cloud-first mindset to a challenging and dynamic environment.

Research and Analyze Threats & Impacts

  • Develop technical hands-on knowledge and experience of PayPal’s global infrastructure and capabilities, and gain deep understanding of the company’s capabilities.
  • Partner with cross-functional team leads to gain awareness of evolving business and technical threat landscape, including strategic business roadmaps and external industry events & campaigns.
  • Develop and maintain technical and operational risk framework to analyze for threats and impacts based on classes of threat actors and capabilities, our defensive capabilities, and our operational business models.
  • Perform and apply quantitative analysis against various threat scenarios to develop and prioritized unanticipated impacts against PayPal.

Technical Writing, Communicate and Influence

  • Own and maintain the library of threat models with detailed business impact analysis.
  • Publish prioritized technical & operational risk models that will be consumed by the stakeholders from variety of business and technical acumens.
  • Maintain in-depth and detailed attack surface analysis and effectiveness of defensive capabilities.
  • Leverage data to influence the business – demonstrate and highlight high risks areas and decisions.

Impact on the Business

  • Influence business priorities and organizational decisions through operational cadences to provide awareness and education of impending and changing threats and impacts.
  • Collaborate across multilayer stakeholders from engineers to business leaders.
  • Responsible for defining metrics to measure success and performance.

Qualifications

Experience Requirements

  • Minimum of 5 years’ experience in technical security role at a large, global company in dynamic and fast-changing markets.
  • Demonstrated experience and confidence on hands-on assessment of multi-discipline of technology, including security infrastructure and products, hybrid cloud infrastructure, DevOps tools, web and mobile technologies.
  • Deep subject matter expertise in threat modeling concepts, approaches and methods. Knowledgeable in common threat assessment frameworks, such as STRIDE, PASTA, DREAD, etc., and understand nuance on effective application of the methods.
  • Experience in quantitative risk frameworks and perform business impact analysis, such as FAIR, OCTAVE, COBIT, etc.
  • Experience with large software engineering and security engineering organizations.
  • Excellent communication and technical writing skills.

Competency Requirements

  • Demonstrated ability to assess complex business problems, perform technical assessments, and perform operational business assessments.
  • Ability to lead discussions and align cross-functional teams to security concepts and risks.
  • Develop the business, information, and technical artifacts that articulates and describes technical threats, business impacts and operational risks.
Posted: March 14, 2021
<< Back to Job-Board