Staff Cybersecurity Threat Analyst

The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. 

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards.  Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade. 

Our beliefs are the foundation for how we conduct business every day.  We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Summary:

Job Description:

Essential Responsibilities:

• Leverage specialized security expertise to identify and resolve complex cyber threat management challenges, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning security strategies with business priorities.
• Partner across teams and key stakeholders to drive security initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
• Apply advanced analytical skills and sound judgment to solve security challenges, considering diverse perspectives and innovative solutions. Stay current with industry trends and emerging technologies, understanding their security implications to the company’s context.
• Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in security practices and organizational resilience.
• Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into cyber threat management.
• Develop and articulate clear plans and priorities for the team, guiding them to achieve security objectives while fostering a collaborative and high-performance environment.
• Lead by example, providing mentorship and support to ensure the team successfully executes on initiatives and goals.

Minimum Qualifications:

• 5+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Your day-to-day:

In this role, you’ll focus primarily on incident response with forensic analysis applied during investigations:

• Respond to and lead security incidents: Coordinate the full incident response lifecycle including detection, triage, containment, eradication, and recovery, providing timely updates on findings, root causes, and recommended remediation actions.
• Serve as incident commander: Lead declared incidents during Singapore business hours, driving coordination across technical teams and stakeholders.
• Conduct digital forensic analysis: Collect, preserve, and analyze digital evidence using industry-standard tools and techniques to determine the source, scope, and impact of security incidents while maintaining proper chain of custody.
• Perform host-based forensics and timeline analysis: Examine forensic artifacts across Windows, macOS, and Linux environments to determine attack vector, lateral movement, and data exfiltration.
• Correlate events from multiple sources: Analyze SIEM, EDR, firewall, network traffic, VPN, and proxy logs to build comprehensive incident timelines.
• Create forensic and investigative reports: Prepare detailed technical reports suitable for senior leadership, legal counsel, and regulatory audiences.
• Drive post-incident reviews: Ensure thorough documentation of lessons learned and identify improvements to strengthen organizational resilience.
• Develop and maintain playbooks: Refine incident response playbooks, standard operating procedures, and forensic protocols to continuously improve response capabilities.
• Maintain incident tracking: Drive continuous updates in the incident tracking system to ensure accurate documentation and reporting of security events.
• Collaborate with stakeholders: Work with legal, compliance, and regulatory stakeholders as needed during incident progression, validating and communicating impact levels.
• Engage external partners: Work with third-party vendors, consulting partners, and industry intelligence groups to enhance overall cybersecurity posture.
• Mentor junior analysts: Provide technical guidance on incident response and forensic best practices.
• Participate in on-call rotation: Provide regional incident response coverage as part of the Singapore on-call rotation.

What you need to bring:

• Demonstrated experience in security incident handling and security operations within a SOC or similar high-tempo environment.
• Strong digital forensics skills, including host-based forensics, evidence preservation, chain of custody, and data breach response.
• Proficiency in analyzing forensic artifacts across Windows, macOS, and Linux operating systems to determine attack vector, lateral movement, and data exfiltration.
• Experience correlating events from multiple sources (SIEM, EDR, firewall, network traffic, VPN, proxy logs) to build comprehensive timeline analyses.
• Solid hands-on knowledge of SIEM, EDR, threat intelligence platforms, and forensic tools.
• Familiarity with industry standards (e.g., NIST, MITRE ATT&CK) and best practices for incident response.
• Experience with digital forensic tools such as EnCase, FTK, X-Ways Forensics, Axiom, Surge Collect, or equivalent open-source tools.
• Familiarity with command line tools and scripting languages (Python, bash, etc.).
• In-depth understanding of network protocols, systems, and infrastructure security principles.
• Exceptional communication skills, capable of relaying complex security scenarios to executive stakeholders and non-technical audiences.
• Ability to organize case notes and prepare detailed technical and forensic reports.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Experience with cloud infrastructures (AWS, GCP, Azure) and cloud-based forensic investigations.
• Experience with proactive threat hunting activities to uncover security gaps, vulnerabilities, or unaddressed risks.
• Ability to conduct malware analysis beyond basic triage.
• Track record of leading technical initiatives or coordinating response efforts under pressure.
• Certifications such as GCFA, GCFE, GCIH, CISSP, CCE or equivalent DFIR certifications.

Subsidiary:

Travel Percent:

PayPal does not charge candidates any fees for courses, applications, resume reviews, interviews, background checks, or onboarding. When making an application directly, we will never ask you to share passwords, one-time passcodes (OTP), or verification codes.  Any such request is a red flag and likely part of a scam. All communication regarding your application will come from official PayPal email domains. If you suspect fraudulent activity, please report it immediately.  To learn more about how to identify and avoid recruitment fraud please visit https://careers.pypl.com/contact-us. 

For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset-you. That’s why we offer comprehensive, choice-based programs, to support all aspects of personal wellbeing—physical, emotional, and financial—delivering meaningful value where it matters most. We strive to create a flexible, balanced work culture with a holistic approach to benefits, including generous paid time off, healthcare coverage for you and your family, and resources to create financial security and support your mental health.

Who We Are:

Click Here to learn more about our culture and community.

Commitment to Diversity and Inclusion 

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law.  In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities.  If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com.  

Belonging at PayPal: 

Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.

Any general requests for consideration of your skills, please Join our Talent Community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.