Logo
Cyber Crime

Application Security Architect @ PayPal

Cyber Crime, San Jose, CA, United States

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.

The Application Security Architect at PayPal is a seasoned AppSec expert and will be responsible for Security Architecture functions within the enterprise. This role requires a deep understanding of modern application security principles, methodologies, and tools. The ideal candidate will have a proven track record of designing, implementing, and managing comprehensive application security programs within large-scale enterprises.

Job Description:

This position involves collaborating with development teams, security engineers, and other stakeholders to identify, assess, and mitigate application security risks throughout the software development lifecycle (SDLC). You will be responsible for developing and maintaining a robust application security strategy and architecture that aligns with industry best practices and regulatory requirements. The ideal candidate will possess a deep understanding of both AppSec and general cybersecurity principles.

Key Responsibilities:

  • Develop and maintain a robust application security strategy, standards and target state architectures which aligns with industry best practices and regulatory requirements.
  • Be the application security advocate across the organization. Lead discussions and reviews around new technologies, framework enhancements and product reviews.
  • Define and improve application security in the SDLC, ensuring security is prioritized from inception to deployment.
  • Conduct regular security architecture risk assessments and threat modelling to implement effective risk mitigation strategies.
  • Ensure compliance with relevant security standards, regulations, and industry frameworks (e.g., PCI DSS, GDPR).
  • Maintain awareness on latest DevSecOps approaches and how they fit into large enterprise organization’s AppSec program.
  • Collaborate with software engineers and leadership teams as well as cybersecurity teams to integrate security controls throughout the software development lifecycle.
  • Be comfortable interfacing and providing guidance to senior and technical leadership on application security issues/approaches, to achieve the deployment of effective security solutions.

Qualifications:

  • Degree in Computer Science, Cybersecurity, Mathematics, or a related field.
  • 15+ years' experience in AppSec, Software/Systems Engineering, and/or Architecture.
  • Expert level understanding of NodeJS, Java, modern web development frameworks and Service Oriented Architecture (SOA).
  • Familiarity with iOS, Android and browser SDK development.
  • Expert level understanding of AppSec scanning tools across SAST/SCA/DAST/IAST/Container Security/API Security/Secret Scanning/Fuzzing in large enterprise environments.
  • In depth knowledge of SDLC, and CI/CD pipelines best practices.
  • Good understanding of SLSA and supply chain security.
  • Expert level understanding of containerized platforms and security best practices.
  • In depth understanding of cybersecurity principles, including cryptography, authentication, web security, vulnerability assessments and threat detection.
  • Desired expertise in various security testing activities, including penetration testing, vulnerability scanning, and code reviews.
  • Working knowledge of major cloud platforms such as AWS, Azure, Google Cloud.
  • Industry certifications (e.g., CISSP, CISM, CCSP, or equivalent) are a plus.
#J-18808-Ljbffr