The Company
PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.
We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.
We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.
Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.
Job Summary:
We’re looking for a forward-thinking Detection Engineer to join our Threat Detection team within Security Operations. This role is focused on building high-fidelity, scalable detections that reduce risk and improve response effectiveness across enterprise, cloud, and product environments.
Job Description:
What You’ll Do
Design, implement, and continuously tune high-fidelity detections across SIEM, EDR, and cloud-native security platforms.
Correlate telemetry across diverse data sources to identify complex or multi-stage attack patterns.
Own the end-to-end detection lifecycle from hypothesis and use case development through deployment, tuning, validation, and documentation.
Build and enhance SOAR playbooks and automation workflows to reduce manual effort and improve response consistency.
Conduct proactive threat hunting to identify anomalous behaviors, misconfigurations, and emerging attack techniques.
Partner with engineering and infrastructure teams to improve logging quality, telemetry coverage, and data normalization.
Identify detection gaps and drive improvements in visibility across enterprise and product environments.
Participate in red and purple team exercises to validate detection effectiveness and improve resilience.
Develop metrics that measure detection coverage, signal-to-noise ratio, and operational impact.
Translate technical findings into clear, actionable insights for leadership and stakeholders.
Core Responsibilities
Translate threat actor TTPs and MITRE ATT&CK techniques into reliable, scalable detections.
Maintain high signal-to-noise ratios by minimizing false positives while preserving coverage.
Continuously evaluate detection effectiveness and recommend improvements.
Collaborate with Incident Response to refine detection based on real-world investigations.
Support strategic initiatives such as SIEM and SOAR migrations, detection standardization, and automation scaling.
Contribute to detection frameworks, documentation standards, and repeatable processes to mature the program.
What You Bring
5+ years of experience in cybersecurity with a focus on detection engineering, threat hunting, or security automation.
Strong hands-on experience with SIEM platforms (Splunk, Sentinel, Google SecOps, etc.) and EDR tools (CrowdStrike, SentinelOne, etc.).
Proficiency in SIEM query languages such as SPL or KQL.
Solid understanding of adversary behavior, attack lifecycle, and detection engineering principles.
Experience building and maintaining automation using scripting languages such as Python or PowerShell.
Ability to think strategically abou