Offensive Security Engineer

**The Company**

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.

Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do - and they push us to ensure we take care of ourselves, each other, and our communities.

Job Description Summary: This offensive security engineer will lead and execute security engagements that combine both red team and purple team methodologies. Your role will involve designing and executing sophisticated cyberattacks, simulating advanced persistent threats and collaborating closely with the defense (blue) teams to improve detection, response, and overall security posture. You will work to challenge, assess, and enhance the organization’s security operations, ensuring that defenses are robust and responsive to current and evolving threats.

**Job Description**:
**Key Responsibilities**:
**Red Team**:

- Execute adversarial simulations mimicking real-world threat actors (APTs, insider threats, etc.).
- Research and simulate evolving cyber threats, vulnerabilities, and tactics, techniques, and procedures (TTPs) of adversaries.
- Develop custom scripts, tools, and payloads to bypass security controls and detection.
- Evade detection while conducting stealthy operations to assess the maturity of monitoring capabilities.

**Purple Team**:

- Collaborate with the blue team to optimize detection and response mechanisms.
- Facilitate knowledge sharing and training during real-time testing engagements, emphasizing skill development across red, blue, and purple teams.
- Test the effectiveness of existing security controls, offer insights for enhancement, and assist in adjusting strategies.
- Provide real-time attack/defense simulations to measure the accuracy and effectiveness of the blue team’s response.

***:
**Reporting and Documentation**:

- Prepare detailed, actionable reports that communicate findings, risks, and remediation recommendations to both technical and non-technical stakeholders.
- Work with leadership to develop strategic security roadmaps based on testing results.

**Required Skills & Qualifications**:

- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent experience.
- 5+ years of experience in offensive security (Red Teaming, Penetration Testing, or related fields).
- Deep understanding of adversary tactics, techniques, and procedures (TTPs), such as those outlined by MITRE ATT&CK.
- Strong proficiency with offensive security tools (e.g., Cobalt Strike, Metasploit, Burp Suite, BloodHound, Mimikatz).
- Knowledge of both Windows and Linux operating systems, scripting (e.g., Python, PowerShell, Bash), and familiarity with cloud environments (AWS, Azure, GCP).
- Experience working collaboratively in a purple team environment with a focus on improving defensive capabilities.
- Strong analytical and problem-solving skills, with a proactive and collaborative mindset.
- Industry certifications such as OSCP, OSCE, CRTO, CRTP, CRTE, CEH, GPEN,GXPN or similar.

**Prefer