The Latest in IT Security

Security Quality Engineer – PayPal


Security Quality Engineer – PayPal

Posted: 27 March 2013
Company name: PayPal
Location: San Jose
United States
Travel: none
Poster represents: employer
Terms of employment: Salaried employee
Hours: full time
Onsite: yes

This position is for a technical penetration test Security Quality Engineer. Automation and API level testing skills are required. As a Senior Quality Engineer, you will partner with Software Developers, Product Managers, Information Security and other Quality Engineers to:


. Perform vulnerability assessments and penetration testing/ethical hacking

. Perform, review and analyze security vulnerability data to identify applicability and false positives

. Proficiency with Security tools like AppScan, WebInspect,Paros,Cenzic Hailstorm

. Programming experience in Java, C++, Perl, or Python.

. Research and develop testing tools, techniques, and process improvements

. Create risk based security code reviews (static & dynamic)

. Conduct penetration testing in line with Open Web application Security project (OWASP)

. Publish reports and test results in line with scanners and test cases to stakeholders

. Organize and execute regression reviews for applications

. Handhold dev teams for vulnerability remediation with sample code snippets

. Analyze product requirements, create security test plans, and perform code reviews

. Mentor junior engineers to build their skills and contribution levels

. Develop and present educational programs and/or workshops.

. Write data-driven, white box/APIs and UI test automation

. Design and modify test frameworks as required

Required skills:
. Knowledge of the nature and sources web application and database vulnerabilities, how to identify and exploit them,

. Knowledge of the nature and sources network and host application vulnerabilities

. Vast knowledge in computer security issues, requirements and trends

. Programming experience in Java, C++, Perl, or Python.

. Ability to document and track defects, as well as produce detailed reports using defect tracking tools

. Experience with white-box or gray-box testing

. Familiarity with software development lifecycles (SDLC)

. Knowledge of Quality test techniques

. Working understanding of database concepts

. Agile experience is desired

. Have been working in both Unix and Windows environments

. Team player, able to dealing with conflict, handling ambiguity and a quick learner

. Passion for breaking code and quality

. Hands on experience of penetration testing is a must

. Experience with Security tools like AppScan, WebInspect,Paros,Cenzic Hailstorm

. BSEE, CS or other relevant technical degree required. 5+ years professional related experience or Master’s Degree and 3+ years, or Doctorate and 1+ years

Desired skills:
CEH, CISSP, GIAC certification preferred

URL for more information:

Contact information:
e-mail resumes to [email protected]

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments