Information Security Engineer

The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. 

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards.  Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade. 

Our beliefs are the foundation for how we conduct business every day.  We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Description Summary:

What you need to know about the role:

This role will focus on managing Hardware Security Modules (HSMs), Certificate Authorities (CAs), and automating Certificate Lifecycle Management (CLM). Publishing Certificate Revocation Lists (CRLs) from internal CAs. The ideal candidate will possess a strong understanding of PKI principles, HSM Management, DevOps practices, and experience with automation and scripting.

Meet our team:
This team's primary focus is securing data and communication between PayPal services and its clients using Public Key Cryptography. Responsibilities include managing PayPal's internal Certificate Authorities (CAs), the associated Hardware Security Modules (HSMs), and the lifecycle of issued cryptographic certificates.
This role focuses on managing Hardware Security Modules (HSMs), Certificate Authorities (CAs), and automating Certificate Lifecycle Management (CLM).

Job Description:

Your way to impact:

This role manages Critical CA infrastructure that all applications and clients relay on.

• Enhance security posture: Proper HSM and CA management, combined with automated CLM and CRL publishing, strengthens the overall security posture by protecting sensitive keys and ensuring timely revocation of compromised certificates.

• Increase efficiency: Automation and scripting will streamline certificate lifecycle processes, reducing manual effort and potential for human error.

• Improve compliance: Adherence to best practices in PKI, HSM management, and CLM helps meet regulatory and compliance requirements.

• Reduce operational costs: Automation can lower costs associated with manual certificate management.

• Provide better visibility and control: Centralized CLM provides a clearer overview of certificate inventory and simplifies management tasks.

Your day to day:

In your day to day role you will

• HSM Administration:

  • Monitoring HSM health and performance.

  • Managing HSM access controls and user permissions.

  • Applying firmware updates and security patches.

  • Performing key backups and recovery operations.

  • Troubleshooting HSM issues.

• CA Administration:

  • Issuing and revoking certificates.

  • Monitoring CA health and performance.

  • Managing CA configurations and policies.

  • Responding to certificate requests.

  • Publishing CRLs.

• CLM Automation:

  • Developing and maintaining scripts for automating certificate lifecycle processes (issuance, renewal, revocation).

  • Integrating CLM tools with other systems.

  • Monitoring and troubleshooting automation workflows.

• Incident Response:

  • Investigating and responding to security incidents related to certificates and HSMs.

• Collaboration and Communication:

  • Working with other teams to integrate certificate services.

  • Documenting processes and procedures.

  • Participating in security audits.

What do you need to bring:

• Bachelor’s degree in computer science or related discipline, preferably with an Information Security major or significant focus and 6+ years related industry experience.

• Deep understanding of PKI of Public Key Infrastructure principles, including certificate formats, key management, digital signatures, and the certificate lifecycle.

• Hands-on experience managing and administering HSMs, including tasks like key generation, backup/restore, applying firmware upgrades, security patching, and troubleshooting.

• Practical experience with EJBCA/similar CA administration skills, certificate issuance/revocation, and policy management.

• Strong scripting/programming skills (e.g., Go, Python, Bash) and experience automating tasks related to certificate management.

• A collaborative approach to working with other teams and a focus on automation and efficiency.

• The ability to diagnose and resolve complex issues related to PKI, HSMs, and certificate management.

• A strong understanding of security best practices and a commitment to protecting sensitive cryptographic assets.

• The ability to clearly explain technical concepts to both technical and non-technical audiences.

• We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.

**We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.

Additional Job Description:

Subsidiary:

PayPal

Travel Percent:

0

For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset—you. That’s why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.

We have great benefits including a flexible work environment, employee shares options, health and life insurance and more. To learn more about our benefits please visit https://www.paypalbenefits.com.

Who We Are:

Click Here to learn more about our culture and community.

Commitment to Diversity and Inclusion 

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law.  In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities.  If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at talentaccommodations@paypal.com.  

Belonging at PayPal: 

Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.

Any general requests for consideration of your skills, please Join our Talent Community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.