Information Security Devsecops Engineer

PayPal Springfield, IL 62701

Posted 2 months ago

At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives.

When applying for a job you are required to create an account. If you have already created an account, click Sign In.

Creating an account will allow you to follow the progress of your applications. Our system does have some requirements that will help us process your application. Below are some guidelines for creating your account:

  • Provide full legal First Name/Family Name - this is important for us to ensure our future hires have the right system set up.

  • Please capitalize the first letter of your First and Last Name.

  • Please avoid using fully capitalized text for your First and/or Last Name.

  • NOTE: If your name is hyphenated or has multiple capitalization, please use the same format as your government ID.

Job Description Summary:

What you need to know about the role:

As a senior information security DevSecOps engineer on the PayPal Enterprise Cyber Security (ECS) team, you will be a key member of a technical and hands-on security team tasked with implementing and integrating the security tools and platforms with recently acquired business units. These efforts currently support the Happy Returns and ChargeHound business units, their product offerings, and the cloud infrastructure/services used. This security engineering team is responsible for designing, deploying, implementing, automating, and operationalizing security infrastructure, platforms, and toolsets with our business units and their engineering and software development efforts to meet PayPal security outcomes and business goals. In this role you will report directly to the Head of Information Security for Happy Returns and ChargeHound and work not only with your teammates, but also cross-functionally with various teams within Happy Returns, ChargeHound, and PayPal on all things related to information security, cybersecurity, and information assurance/compliance. Due to the breadth of partners you will work with, inclusivity of ideas, perspectives, and our diversity are important values that we champion.

Job Description:

Meet our team:

This role is with a relatively new, greenfield team composed of diverse individuals early in their career as well as seasoned veterans who have spent time fighting nation state actors (APTs), presented at DEFCON and other security conferences, conducted penetration tests on F100 companies, and helped companies restore and recover from data breaches. We are driven to learn, help each other grow personally & professionally, be inclusive, and help our business units, peers, and customers identify and manage their risks. We look forward to having you join us to round out the capabilities of our team, learn from you, and help you do the same.

This is a remote role in North America, working with remote team members in North America and peers around the world. When safe to do so and as business obligations require, some travel would be expected for real world incidents, site visits, practice exercises, meetings, conferences, and the like.

Your way to impact

You will actively take part in and lead the hands-on efforts to help protect and defend our network boundaries, keep computer, network, and cloud systems hardened against malicious activity, and provide security services that protect extremely sensitive customer information. Our Security Engineers work hands-on with all layers and pieces of the technology stack, and actively monitor our systems for attacks and intrusions in both on-prem and cloud environments. You will use your experience to own, facilitate, and drive the resolution of complex security incidents, the implementation of security toolsets, the automation and operationalization of these toolsets to maximize our risk management capabilities as well as our return on investment (ROI), address policy questions, and resolve security issues of a technical nature. Additionally, you will work with our software engineers to proactively identify and fix security flaws and vulnerabilities in our product and platform. Our security engineers work on a broad set of efforts focusing on scaling and automating security infrastructure and processes. We solve user and corporate security concerns, investigate security incidents, perform security gap analysis, build and integrate systems, conduct applied research, and implement novel technologies and architecture to deal with enterprise security across a diversity of computing platforms such as mobile and cloud. Our focus is to assess the newly acquired business unit's security posture and toolsets, map out the needed capabilities while aligning with PayPal's standards and compliance obligations, and work with the various stakeholders to implement, operationalize, and optimize.

What do you need to bring:

You should have at least 5 years of relevant industry experience in information security/cybersecurity. During that time, you should have hands-on, in-depth experience with, and a thorough understanding of, the following:

  • Using, managing, and securing popular cloud services and platforms that are SaaS, IaaS, etc.

  • Security concepts in Heroku and AWS and with the available security tools, such as Inspector, GuardDuty, Macie, Config, CloudFormation, CloudWatch, CloudTrail, Trusted Advisor, WAF etc., while also being familiar with third party alternatives (and when it is beneficial to use them).

  • How to administer and effectively manage monitoring and detection systems that are UNIX, Linux, and/or BSD based that are based in AWS or GCP.

  • Computer networking, routing, and protocols

  • Deploying Identity and access management services including Single Sign On (SSO) frameworks and mechanisms such as OAuth, SCIM, and SAML.

  • How legitimate users administer, use, and secure common consumer and enterprise network devices and systems, and how malicious actors exploit them.

  • Log management and security analytics tools, including open source and commercial platforms/toolsets.

  • Implementing, integrating, and tuning network and cloud security infrastructure, applications (web and mobile), as well as security tools and platforms, and the automation to operationalize them

  • Integrating security in the continuous integration, continuous delivery, and continuous deployment (CI/CD) pipeline for Networking as Code (NaC) and Infrastructure as Code (IaC) (running unit tests, running security tools, managing secrets using tools such as Vault) using configuration management and automation tools such as Jenkins, Chef, Ansible, Puppet, Terraform, etc.

  • Experienced with using Regular Expressions (REGEX) as well as with automation and development leveraging Python, Networking as Code (NaC) such as Terraform, Infrastructure as Code (IaC), and Golang.

  • The ability to monitor, evaluate, and interpret vulnerabilities/CVEs, vulnerability, risk, and security assessments, cloud platform/system/device/IDS/IPS logs, and threat analysis.

  • Proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps systems

  • Knowledgeable about and able to apply open-source and proprietary information within the industry.

  • Excellent oral and written communications skills for working with a diverse professional clientele with varying levels of technical experience. Ability to interact with internal and external customers, leadership, and co-workers both in person, virtually, and in writing.

  • Ability to research highly technical topics and derive logical conclusions using well thought out processes, eliminating bias and logical fallacies.

  • Ability to combine information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risk.

  • Working with and in O365, or the ability & willingness to learn the platform and applications.

  • During your career you should have been exposed to and have an understanding of:

  • Security monitoring and intrusion detection,
  • Managing the information security incident lifecycle, including incident response, mitigation, forensics, after-action reporting, and mapping a path forward.
  • Secure network design
  • Information security architecture, mitigation of threats, and compensating controls.
  • Applied cryptography and security protocols
  • Penetration testing and red teaming
  • Enterprise risk management programs, including internal audits, consulting engagements, information technology reviews, audit, and compliance efforts.
  • Implementing and working with industry standards and guidelines relevant to the role and our industry, such as ISO, ITIL, NIST, SANS, CIS, AICPA SOC1/SOC2/SOC3, and PCI.
  • Have a willingness and desire to learn.

  • Possess and nurture a hacker mentality: Being able to visualize issues and possible solutions outside the box.

  • Must be a conscientious, punctual, professional, and devoted member of our team having the highest level of ethics and core values; with the ability to safeguard sensitive, restricted, and other information deemed to have special handling and dissemination protocols.

  • Strong bias for action and ownership.

  • Have proven abilities to work cross functionally and deliver results, with the perspective that no project is too big or too small.

  • Effective when working under pressure and good enough to make sure that rarely happens.

  • Bachelor's degree, a combination of experience and/or Associates degree, or an equivalent combination of education, training, and work or volunteer experience. Note that all degrees must be from an accredited institution and in a technical discipline or significant coursework in software development, information security, risk management, or information technology is preferred.

  • Having (or planning to have) information security and technology related certifications is a plus. Examples of such certifications would include:

  • Any of the AWS certifications
  • Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA).
  • PDSO DevSecOps Professional (CDP)
  • PDSO DevSecOps Expert (CDE)
  • PDSO DevSecOps Leader (CDL)
  • PDSO Container Security Expert (CCSE)
  • PDSO Threat Modelling Professional (CTMP)
  • PDSO Cloud Native Security Expert (CCNSE)
  • SANS GIAC Information Security Professional (GISP),
  • SANS GIAC Certified Web Application Defender (GWEB),
  • SANS GIAC Python Coder (GPYC),
  • SANS GIAC Public Cloud Security (GPCS),
  • SANS GIAC Continuous Monitoring Certification (GMON),
  • SANS GIAC Defensible Security Architecture (GDSA),
  • SANS GIAC Defending Advanced Threats (GDAT),
  • SANS GIAC Enterprise Vulnerability Assessor (GEVA),
  • SANS GIAC Cloud Security Automation (GCSA),
  • SANS GIAC Cloud Security Essentials (GCLD),
  • SANS GIAC Critical Controls Certification (GCCC).

Note that the ability to articulate and demonstrate skills is as important as, or more important than, the certifications or the education.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Note that if you do not meet 100% of the qualifications listed, you should ignore that imposter syndrome and still seriously consider applying for the role. Studies show that you can still be considered for a role if you meet just 50% of the role's listed requirements, with an even higher percentage if you include a cover letter. Please don't hesitate to apply.



Travel Percent:


Colorado Only: The pay range for this position is as mentioned below per year, plus annual bonus. We take into consideration an individual's background and experience in determining final salary. All PayPal employees are shareholders in our Company, so equity is part of our total compensation plan. This role is also eligible for health insurance, stock purchase plans, retirement savings benefits, stock awards, life insurance and disability benefits, and paid time off for sick leave, parental leave, vacation and PTO. To learn more visit This information is provided per the Colorado Equal Pay Act. Base pay information is based on market location.

Colorado Salary in USD: $134385 - $166005

Our Benefits:

At PayPal, we're committed to building an equitable and inclusive global economy. And we can't do this without our most important asset: you. That's why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.

We have great benefits including a flexible work environment, employee shares options, health and life insurance and more. To learn more about our benefits please visit

Who We Are:


PayPal has remained at the forefront of the digital payment revolution for more than 20 years. By leveraging technology to make financial services and commerce more convenient, affordable, and secure, the PayPal platform is empowering more than 400 million consumers and merchants in more than 200 markets to join and thrive in the global economy. For more information, visit

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at

As part of PayPal's commitment to employees' health and safety, we have established in-office Covid-19 protocols and requirements, based on expert guidance. Depending on location, this might include a Covid-19 vaccination requirement for any employee whose role requires them to work onsite. Employees may request reasonable accommodation based on a medical condition or religious belief that prevents them from being vaccinated.
