Lead Threat Detection Engineer

1 week ago


Singapore PayPal Full time

At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives.

**Job Description Summary**: The Lead Cybersecurity Engineer will be a part of the threat engineering team, a global technical team that provides support on advanced solutions for security controls, tooling, detections, automation, monitoring, purple teaming, research and alerting in alignment with the MITRE ATT&CK Framework.

We are looking for a Lead Cybersecurity Engineer to join our threat engineering team. In this IC (Individual Contributor) role, you will support and develop on-prem and cloud (Azure, AWS, GCP) defensive tools and procedures to optimize threat mitigation and increase PayPal's security posture. The primary day-to-day responsibilities include designing solutions to improve overall security posture for incident response operations, cybersecurity analysts and threat hunters across the global business.

**Key Responsibilities**:
- Leading the engineering, implementation, and maintenance of security tools, solutions, and processes to ensure an appropriate level of security posture.
- Lead and manage the security policies of top-of-the-line security tools (EDR, UBA, Cloud, and SIEM).
- Develop detection rules across various platforms and Business Units to improve our overall detection capabilities.
- Create automated processes and workflows to improve PayPal's security posture and SLA (Service Level Agreements) adherence.
- Perform end-to-end threat hunting cycle, including Purple Team exercises.
- Provide situational awareness on the current threat landscape and the techniques, tactics and procedures associated with specific threats.
- Collaborate with colleagues across the globe to impact and drive results.

**Qualifications**:
- 7+ years of experience in Cybersecurity, ideally with previous experience as a Security Operation Center (SOC) Analyst.
- Bachelor's Degree or equivalent experience in information security technology or equivalent work experience and/or Security certifications.
- Experience with Splunk Enterprise Security: building detections, advanced querying, and dashboarding.
- Experience with Security Orchestration, Automation and Response (SOAR) tools.
- Knowledge of or demonstrated experience with defense in depth, trust levels, privileges, and permissions.
- Experience with Kusto Query Language (KQL) or other database query languages, an advantage.
- Strong technical experience and familiarity with various techniques of cyber-attacks, MITRE ATT&CK framework, Purple Team concepts, incident response, and threat hunting modelling.
- Working experience within a Security Operations Center environment, improving SOC processes and workflows related to security operations.
- Java scripting or Python programming, an advantage, but not required.
- Deep understanding of tools and processes used in security incident detection and handling.
- Strong organizational, multi-tasking, and time management skills.
- Ability to work in a dynamic and multicultural environment, with a collaborative and positive/professional persona.
- Highly motivated, results focused, innovative, curious, and a continuous learner.

**Our Benefits**:
At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset—you. That’s why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.


As part of PayPal’s commitment to employees’ health and safety, we have established in-office Covid-19 protocols and requirements, based on expert guidance. Depending on location, this might include a Covid-19 vaccination requirement for any employee whose role requires them to work onsite. Employees may request reasonable accommodation based on a medical condition or religious belief that prevents them from being vaccinated.


