Staff Product Security Engineer
As a Staff Product Security Engineer at PayPal, you'll help secure 434 million accounts and $1.6 trillion in annual payment volume across PayPal and its business lines. You'll embed security into the software development lifecycle (SDLC) by shaping architecture decisions, influencing roadmaps, and scaling impact through automation, tooling, and mentorship. You'll also perform in-depth design, architecture, and code reviews, working directly with developers and product teams to ensure products are secure by design.
Essential Responsibilities:
- Leverage specialized security expertise to identify and resolve complex security issues, recommending best practices and determining new approaches that have an impact on broader security operations.
- Partner across teams and key stakeholders to drive security initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
- Apply advanced analytical skills and sound judgment to solve security challenges, considering diverse perspectives and innovative solutions. Stay current with industry trends and emerging technologies, and understand their security implications in the company's context.
- Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in security practices.
- Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security processes.
Expected Qualifications:
- 5+ years relevant experience and a Bachelor’s degree OR any equivalent combination of education and experience.
Minimum Qualifications:
- Expertise in application security vulnerabilities (e.g., OWASP Top 10) and secure coding practices.
- Track record of partnering with developers to remediate vulnerabilities and implement robust security controls.
- Strong written and verbal communication skills, with the ability to influence both technical and executive audiences.
- Experience mentoring and developing engineers.
Preferred Qualifications:
- Experience with application security tools (SAST, DAST, SCA, WAF, Burp Suite).
- Strong programming experience in at least one language such as Ruby, Java, Python, JavaScript, or Swift.
- Knowledge of Kubernetes, Terraform, and version control systems such as Git.
- Hands-on experience with at least one major cloud vendor (AWS, Azure, GCP).
- Strong understanding of authentication and authorization protocols (OAuth 2.0, SAML).
As a Staff Product Security Engineer in the PayPal Cyber & Information Security (PCIS) organization, you will work closely with product teams to embed security throughout the software development lifecycle. This senior role will provide the opportunity to develop new skills, collaborate across teams, mentor peers, and continue learning in a rapidly changing environment.
Your day-to-day responsibilities will include:
- Conduct security design and code reviews, facilitate penetration testing, and contribute to threat models.
- Partner with engineers on secure coding, vulnerability remediation, and defensive design patterns.
- Develop and support in-house tooling (including AI-driven solutions) to scale product security reviews and governance.
- Implement, manage, and operate application security tools (SAST, DAST, SCA, etc.).
- Respond to product security incidents, driving root cause analysis and mitigation.
- Collaborate with developers and platform engineers to identify vulnerabilities and apply mitigating controls.
We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.