Job Description

Summary: As a leader in the Enterprise Cyber Security (\xe2\x80\x9cECS\xe2\x80\x9d) consulting team, this role will operate as a Technical Security consultant responsible for engaging with PayPal product development teams, solution engineers and architects, operations, and business units providing policy driven security review and consultation.

: The security consultant is responsible for enabling business, reducing the risk and maintaining the security posture of the organization through Security reviews and consultation. The primary customers of this role are highly technical engineers and architects accountable for designing and deploying infrastructure and platform solutions for PayPal and the domain leaders. The engineer will be responsible for interacting with various stakeholders and providing updates to the senior leadership team. The role requires in depth knowledge of security concepts and controls used in practical application for cloud and on-premises deployments. The role includes but is not limited to participating in the engineering design and deployment of security controls, review of SaaS and on prem deployed (COTS) applications, review and consultation for network zone interconnectivity, review and consultation for data movement and cloud application deployments. The role also includes enforcing security policy, identifying risk, providing consultation on compensating controls and risk mitigation opportunities. Will act as an overall stewards of our security standards across platform, portfolio and enterprise. This role requires to lead / guide rest of the security consultant and help them take decisions on the security reviews. The engineer will participate in continuous improvement efforts by engineering and implementing automation, process improvement to reduce redundancy and drive efficiency. Job Function - distribution Working daily on security review requests by responding to queries from technical engineering and architects, product owners, operations, business units and development teams

• Participate in the design of technical solutions and implementation methods providing security guidance and ensuring inclusion of security controls
• Analyze security related incidents and provide guidance on contributing control gaps and advise on plausible technical security control solutions
• Participate in the design and deployment of security controls and alignment of controls with business requirements
• Provide security policy and procedure guidance on review requests
• Provide approval/confirmation that activities, products, or deployments are aligned with Information Security policies and procedures
• Analyze risk and propose mitigating controls
• Review peer queries for final disposition
• Escalate to management where exception to policy is requested/required
• Enabling business without compromise on security posture of the organization

Review peer and subordinate consulting engagements prior to ECS approval

• Ensure consistency and accuracy across the team
• Ensure gaps/findings/risks are identified and adjudicate risk
• Validate compensation controls are called out and understood by requestors
• Understand and advocate strategy and vision for the team
• Work across team disciplines building knowledge and improving each discipline

Represent Enterprise Cyber Security (ECS) in various counsels including Geo Data protection council, Cloud security guild, tiger teams and large initiative discussions to provide input based on Security SME and security policy and procedure feedback Participate in consulting process efficiency and improvement through

• Engineering and implementing automation
• Identify and suggesting technologies, products, and process for peer teams
• Work with the technology owners to identify patterns that can be approved without ECS review

Work Experience

• Overall 8+ years of experience in Security
• INFOSEC certification\xe2\x80\x99s like CCSP, CISSP, CISM
• Experience working in a ticketing system environment
• Experience working in at least one of the three platforms Azure, AWS, GCP
• Bachelor\xe2\x80\x99s degree or equivalent industry experience.
• Technology Cloud security practitioner or equivalent

Desirable

• Understanding of SOX 404, PCI, FFEIC, GLBA, OFAC, the Patriot Act, MAS guidelines, PBOC, RBI and other regulatory requirements for the financial services sector.
• Good understanding of information security and risk management frameworks such as OWASP and ISO27001.
• Google Professional Cloud Security Engineer
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security \xe2\x80\x93 Specialty
• Candidates should have a two to three years experience with building secure applications and background with expertise in or exposure to the following areas: NodeJS, Java Script, enterprise application security architecture (such as IAM, databases, or other security infrastructure) and other web development environments.

Skills In-depth understanding of the following cybersecurity areas with expertise in two or more areas along with very detailed cloud security knowledge and experience. Ability to provide consultation on technical design, deployment, and operations in the area

• Security Architecture
• Application Security
• Network security
• Data Security
• Cryptography
• Cloud Security

• In-depth understanding of security standards, controls, and best practices

• Knowledge of software development, network engineering, cloud engineering

• Familiarity on working in a ticketing system to handle daily task, documenting the findings / decisions, generate reports / dashboards would be preferred

• Suggest and implement new ideas to optimize and continuous focus on improving quality and processes

Behaviours

• Self-Awareness - Insightful, reflective, understands personal strengths and weaknesses, seeks feedback.
• Learns from experience; cool and resilient through change; treat others constructively and always with respect
• Mental Agility - Think through problems from a fresh point of view, comfortable with ambiguity & complexity
• Sees through customer eyes and brings in ideas to improve our products and services
• Technical research of solutions capabilities and verification of technical options, problem solver
• Get results under tough conditions; inspire others to go beyond the norm; exhibit presence that builds confidence
• Experience building and maintaining constructive working relationships with a diverse community (in and outside of technology); ability to effectively communicate (both written and verbal) with and influence both technical and non-technical audiences.
• Demonstrated experience earning the trust and respect of colleagues both in and outside of the Information Security team.
• Demonstrate ability to guide, lead, mentor team members in building strong and cohesive environment