Logo
PayPal, Inc.

Application Security Architect

PayPal, Inc., San Jose, California, United States, 95199


The Company PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers. We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade. Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities. Job Description Summary: The Application Security Architect at PayPal is a seasoned AppSec expert and will be responsible for Security Architecture functions within the enterprise. This role requires a deep understanding of modern application security principles, methodologies, and tools. The ideal candidate will have a proven track record of designing, implementing, and managing comprehensive application security programs within large-scale enterprises. Job Description: This position involves collaborating with development teams, security engineers, and other stakeholders to identify, assess, and mitigate application security risks throughout the software development lifecycle (SDLC). You will be responsible for developing and maintaining a robust application security strategy and architecture that aligns with industry best practices and regulatory requirements. The ideal candidate will possess a deep understanding of both AppSec and general cybersecurity principles. Key Responsibilities: Develop and maintain a robust application security strategy, standards and target state architectures which aligns with industry best practices and regulatory requirements. Be the application security advocate across the organization. Lead discussions and reviews around new technologies, framework enhancements and product reviews. Define and improve application security in the SDLC, ensuring security is prioritized from inception to deployment. Conduct regular security architecture risk assessments and threat modelling to implement effective risk mitigation strategies. Ensure compliance with relevant security standards, regulations, and industry frameworks (e.g., PCI DSS, GDPR). Maintain awareness on latest DevSecOps approaches and how they fit into large enterprise organization’s AppSec program. Collaborate with software engineers and leadership teams as well and cybersecurity teams to integrate security controls throughout the software development lifecycle. Be comfortable interfacing and providing guidance to senior and technical leadership on application security issues/approaches, to achieve the deployment of effective security solutions. Qualifications: Degree in Computer Science, Cybersecurity, Mathematics, or a related field. 15+ years' experience in AppSec, Software/Systems Engineering, and/or Architecture. Expert level understanding of NodeJS, Java, modern web development frameworks and Service Oriented Architecture (SOA). Familiarity with iOS, Android and browser SDK development. Expert level understanding of AppSec scanning tools across SAST/SCA/DAST/IAST/Container Security/API Security/Secret Scanning/Fuzzing in large enterprise environments. In depth knowledge of SDLC, and CI/CD pipelines best practices. Good understanding of SLSA and supply chain security. Expert level understanding of containerized platforms and security best practices. In depth understanding of cybersecurity principles, including cryptography, authentication, web security, vulnerability assessments and threat detection. Desired expertise in various security testing activities, including penetration testing, vulnerability scanning, and code reviews. Working knowledge of major cloud platforms such as AWS, Azure, Google Cloud. Industry certifications (e.g., CISSP, CISM, CCSP, or equivalent) are a plus.

#J-18808-Ljbffr