Security Consultant

**Job Description Summary**:
As a leader in the Enterprise Cyber Security (“ECS”) consulting team, this role will operate as a Technical Security consultant responsible for engaging with PayPal product development teams, solution engineers and architects, operations, and business units providing policy driven security review and consultation.

The engineer will participate in continuous improvement efforts by engineering and implementing automation, process improvement to reduce redundancy and drive efficiency.

Job Function - distribution

Working daily on security review requests by responding to queries from technical engineering and architects, product owners, operations, business units and development teams
- Participate in the design of technical solutions and implementation methods providing security guidance and ensuring inclusion of security controls
- Analyze security related incidents and provide guidance on contributing control gaps and advise on plausible technical security control solutions
- Participate in the design and deployment of security controls and alignment of controls with business requirements
- Provide security policy and procedure guidance on review requests
- Provide approval/confirmation that activities, products, or deployments are aligned with Information Security policies and procedures
- Analyze risk and propose mitigating controls
- Review peer queries for final disposition
- Escalate to management where exception to policy is requested/required
- Enabling business without compromise on security posture of the organization

Review peer and subordinate consulting engagements prior to ECS approval
- Ensure consistency and accuracy across the team
- Ensure gaps/findings/risks are identified and adjudicate risk
- Validate compensation controls are called out and understood by requestors
- Understand and advocate strategy and vision for the team
- Work across team disciplines building knowledge and improving each discipline

Represent Enterprise Cyber Security (ECS) in various counsels including Geo Data protection council, Cloud security guild, tiger teams and large initiative discussions to provide input based on Security SME and security policy and procedure feedback

Participate in consulting process efficiency and improvement through
- Engineering and implementing automation
- Identify and suggesting technologies, products, and process for peer teams
- Work with the technology owners to identify patterns that can be approved without ECS review

**Work Experience**
- Overall 8+ years of experience in Security
- INFOSEC certification’s like CCSP, CISSP, CISM
- Experience working in a ticketing system environment
- Experience working in at least one of the three platforms Azure, AWS, GCP
- Bachelor’s degree or equivalent industry experience.
- Technology Cloud security practitioner or equivalent

**Desirable**
- Understanding of SOX 404, PCI, FFEIC, GLBA, OFAC, the Patriot Act, MAS guidelines, PBOC, RBI and other regulatory requirements for the financial services sector.
- Good understanding of information security and risk management frameworks such as OWASP and ISO27001.
- Google Professional Cloud Security Engineer
- Microsoft Certified: Azure Security Engineer Associate
- AWS Certified Security - Specialty

**Skills**

In-depth understanding of the following cybersecurity areas with expertise in two or more areas along with very detailed cloud security knowledge and experience. Ability to provide consultation on technical design, deployment, and operations in the area
- Security Architecture
- Application Security
- Network security
- Data Security
- Cryptography
- Cloud Security
- In-depth understanding of security standards, controls, and best practices
- Knowledge of software development, network engineering, cloud engineering
- Familiarity on working in a ticketing system to handle daily task, documenting the findings / decisions, generate reports / dashboards would be preferred
- Suggest and implement new ideas to optimize and continuous focus on improving quality and processes

**Behaviours**
- Self-Awareness - Insightful, reflective, understands personal strengths and weaknesses, seeks feedback.
- Learns from experience; cool and resilient through change; treat others constructively and always with respect
- Mental Agility - Think through problems from a fresh point of view, comfortable with ambiguity & complexity
- Sees through customer eyes and brings in ideas to improve our products and services
- Technical research of solutions capabilities and verification of technical options, problem solver
- Get results under tough conditions; inspire others to go beyond the norm; exhibit presence that builds confidence
- Experience building and maintaining constructive working relationships with a diverse community (in and outside of technology); ability to effectively communicate (both written and verbal) with and influence both technical and non-technical audienc