SR Manager, Cyber Incident Response & Threat Management

The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. 

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards.  Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade. 

Our beliefs are the foundation for how we conduct business every day.  We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Summary:

This role sits within PayPal’s Global Cyber Defense Center (CDC), leading the and Incident Response (DFIR) function. You’ll own the strategy, execution, and ongoing maturity of incident response and forensic capabilities across a complex, global financial environment.
As Senior Manager, you’ll lead a team of DFIR analysts and engineers, act as incident commander for critical events, and ensure investigations meet regulatory and evidentiary standards. You’ll translate threats into executive-level risk insights, drive post-incident improvements, and help PayPal stay ahead of evolving threats.
This leadership role requires both technical depth and executive presence, from hands-on forensic oversight to board-level communication and regulatory engagement.

Job Description:

Essential Responsibilities:

• Recognized as a cyber threat management expert, independently resolving the most complex challenges, and providing strategic direction on problem resolution across the security domain.
• Define methods and procedures for new or special assignments, collaborating with cross-functional teams to drive security initiatives that align with business needs and objectives.
• Lead complex, high-impact security projects of diverse scope, applying an in-depth understanding of business trends and security challenges to develop innovative solutions that strengthen threat management and overall security posture.
• Possess a keen awareness of the broader impact of decisions, with initiatives often leading to enterprise-wide improvements that enhance security practices, operational efficiency and organizational resilience.
• Lead a cyber threat management team; set clear priorities and define actionable plans, ensuring alignment with organizational goals.
• Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high-impact results.

Minimum Qualifications:

• 8+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.
• Experience leading others

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.

•       8+ years of experience in cybersecurity, with 4+ years focused on incident response, digital forensics, or security operations — including 2+ years in a team lead or management role

•       Proven experience leading and developing high-performing DFIR teams in a SOC or equivalent high-tempo security operations environment

•       Strong hands-on knowledge of SIEM platforms EDR/XDR solutions and forensic tools

•       Demonstrated ability to manage high-severity incidents under pressure, with executive-quality communication to CISO, Legal, and regulatory audiences

•       Experience building or significantly maturing an incident response plan and supporting playbook library aligned to NIST, ISO/IEC 27035, and MITRE ATT&CK

•       Working knowledge of regulatory and compliance requirements in financial services (PCI DSS, GLBA, GDPR, SEC, CISA CIRCIA)

•       Proficiency in scripting and command-line analysis (Python, Bash, PowerShell) and log correlation across SIEM, EDR, network, VPN, and proxy data sources

•       Exceptional written and verbal communication skills — capable of translating complex forensic findings into clear narratives for executive and non-technical audiences

•       Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience

Preferred:

•       Industry certifications: GCFA, GCFE, GCIH, GCTI, CISSP, or equivalent

•       Experience with cloud forensics and incident response in AWS, Azure, or GCP environments

•       Background in threat hunting, red team, or adversary simulation operations

•       Experience supporting regulatory examinations, external audits, or legal discovery and litigation-support proceedings

•       Familiarity with financial services threat actor profiles and associated TTPs

Experience with malware analysis beyond basic triage (static and dynamic analysis)

Subsidiary:

PayPal

Travel Percent:

0

-

The base pay for this role will depend on where you work and the relevant experience and expertise you bring. The expected range of pay for this role by location is:

Primary Location | Pay Range:

Scottsdale, Arizona | ($169,500.00 - $251,900.00 Annually)

Additional Location(s) | Pay Range:

Chicago, Illinois | ($178,500.00 - $265,100.00 Annually) Austin, Texas | ($178,500.00 - $265,100.00 Annually)

Additional compensation for this role may include an annual performance bonus, equity, or other incentive compensation, as applicable.

PayPal does not charge candidates any fees for courses, applications, resume reviews, interviews, background checks, or onboarding. When making an application directly, we will never ask you to share passwords, one-time passcodes (OTP), or verification codes.  Any such request is a red flag and likely part of a scam. All communication regarding your application will come from official PayPal email domains. If you suspect fraudulent activity, please report it immediately.  To learn more about how to identify and avoid recruitment fraud please visit https://careers.pypl.com/contact-us. 

For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset-you. That’s why we offer comprehensive, choice-based programs, to support all aspects of personal wellbeing—physical, emotional, and financial—delivering meaningful value where it matters most. We strive to create a flexible, balanced work culture with a holistic approach to benefits, including generous paid time off, healthcare coverage for you and your family, and resources to create financial security and support your mental health.

Who We Are:

Click Here to learn more about our culture and community.

Commitment to Diversity and Inclusion 

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law.  In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities.  If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at [email protected].

Belonging at PayPal: 

Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.

Any general requests for consideration of your skills, please Join our Talent Community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.