SR Manager, Cyber Incident Response & Threat Management
PayPal, Scottsdale, AZ, United States
Job Summary
This role sits within PayPal’s Global Cyber Defense Center (CDC), leading the Incident Response (DFIR) function. You’ll own the strategy, execution, and ongoing maturity of incident response and forensic capabilities across a complex, global financial environment. As Senior Manager, you’ll lead a team of DFIR analysts and engineers, act as incident commander for critical events, and ensure investigations meet regulatory and evidentiary standards. You’ll translate threats into executive‑level risk insights, drive post‑incident improvements, and help PayPal stay ahead of evolving threats. This leadership role requires both technical depth and executive presence, from hands‑on forensic oversight to board‑level communication and regulatory engagement.
Essential Responsibilities
Recognized as a cyber threat management expert, independently resolving the most complex challenges, and providing strategic direction on problem resolution across the security domain.
Define methods and procedures for new or special assignments, collaborating with cross‑functional teams to drive security initiatives that align with business needs and objectives.
Lead complex, high‑impact security projects of diverse scope, applying an in‑depth understanding of business trends and security challenges to develop innovative solutions that strengthen threat management and overall security posture.
Possess a keen awareness of the broader impact of decisions, with initiatives often leading to enterprise‑wide improvements that enhance security practices, operational efficiency and organizational resilience.
Lead a cyber threat management team; set clear priorities and define actionable plans, ensuring alignment with organizational goals.
Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high‑impact results.
Minimum Qualifications
8+ years relevant experience and a Bachelor’s degree OR any equivalent combination of education and experience.
Experience leading others.
Additional Responsibilities & Preferred Qualifications
8+ years of experience in cybersecurity, with 4+ years focused on incident response, digital forensics, or security operations — including 2+ years in a team lead or management role.
Proven experience leading and developing high‑performing DFIR teams in a SOC or equivalent high‑tempo security operations environment.
Strong hands‑on knowledge of SIEM platforms, EDR/XDR solutions and forensic tools.
Demonstrated ability to manage high‑severity incidents under pressure, with executive‑quality communication to CISO, Legal, and regulatory audiences.
Experience building or significantly maturing an incident response plan and supporting playbook library aligned to NIST, ISO/IEC 27035, and MITRE ATT&CK.
Working knowledge of regulatory and compliance requirements in financial services (PCI DSS, GLBA, GDPR, SEC, CISA CIRCIA).
Proficiency in scripting and command‑line analysis (Python, Bash, PowerShell) and log correlation across SIEM, EDR, network, VPN, and proxy data sources.
Exceptional written and verbal communication skills — capable of translating complex forensic findings into clear narratives for executive and non‑technical audiences.
Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
Preferred Qualifications
Industry certifications: GCFA, GCFE, GCIH, GCTI, CISSP, or equivalent.
Experience with cloud forensics and incident response in AWS, Azure, or GCP environments.
Background in threat hunting, red team, or adversary simulation operations.
Experience supporting regulatory examinations, external audits, or legal discovery and litigation‑support proceedings.
Familiarity with financial services threat actor profiles and associated TTPs.
Experience with Malware Analysis
Beyond basic triage (static and dynamic analysis).
Travel Percent
0%
Compensation
The base pay for this role will depend on where you work and the relevant experience and expertise you bring. The expected range of pay for this role by location is:
Primary Location: Scottsdale, Arizona ($169,500.00 - $251,900.00 Annually)
Additional Locations: Chicago, Illinois ($178,500.00 - $265,100.00 Annually); Austin, Texas ($178,500.00 - $265,100.00 Annually)
Additional compensation may include an annual performance bonus, equity, or other incentive compensation, as applicable.
Equal Employment Opportunity
PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact paypalglobaltalentacquisition@paypal.com.
#J-18808-Ljbffr
This role sits within PayPal’s Global Cyber Defense Center (CDC), leading the Incident Response (DFIR) function. You’ll own the strategy, execution, and ongoing maturity of incident response and forensic capabilities across a complex, global financial environment. As Senior Manager, you’ll lead a team of DFIR analysts and engineers, act as incident commander for critical events, and ensure investigations meet regulatory and evidentiary standards. You’ll translate threats into executive‑level risk insights, drive post‑incident improvements, and help PayPal stay ahead of evolving threats. This leadership role requires both technical depth and executive presence, from hands‑on forensic oversight to board‑level communication and regulatory engagement.
Essential Responsibilities
Recognized as a cyber threat management expert, independently resolving the most complex challenges, and providing strategic direction on problem resolution across the security domain.
Define methods and procedures for new or special assignments, collaborating with cross‑functional teams to drive security initiatives that align with business needs and objectives.
Lead complex, high‑impact security projects of diverse scope, applying an in‑depth understanding of business trends and security challenges to develop innovative solutions that strengthen threat management and overall security posture.
Possess a keen awareness of the broader impact of decisions, with initiatives often leading to enterprise‑wide improvements that enhance security practices, operational efficiency and organizational resilience.
Lead a cyber threat management team; set clear priorities and define actionable plans, ensuring alignment with organizational goals.
Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high‑impact results.
Minimum Qualifications
8+ years relevant experience and a Bachelor’s degree OR any equivalent combination of education and experience.
Experience leading others.
Additional Responsibilities & Preferred Qualifications
8+ years of experience in cybersecurity, with 4+ years focused on incident response, digital forensics, or security operations — including 2+ years in a team lead or management role.
Proven experience leading and developing high‑performing DFIR teams in a SOC or equivalent high‑tempo security operations environment.
Strong hands‑on knowledge of SIEM platforms, EDR/XDR solutions and forensic tools.
Demonstrated ability to manage high‑severity incidents under pressure, with executive‑quality communication to CISO, Legal, and regulatory audiences.
Experience building or significantly maturing an incident response plan and supporting playbook library aligned to NIST, ISO/IEC 27035, and MITRE ATT&CK.
Working knowledge of regulatory and compliance requirements in financial services (PCI DSS, GLBA, GDPR, SEC, CISA CIRCIA).
Proficiency in scripting and command‑line analysis (Python, Bash, PowerShell) and log correlation across SIEM, EDR, network, VPN, and proxy data sources.
Exceptional written and verbal communication skills — capable of translating complex forensic findings into clear narratives for executive and non‑technical audiences.
Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
Preferred Qualifications
Industry certifications: GCFA, GCFE, GCIH, GCTI, CISSP, or equivalent.
Experience with cloud forensics and incident response in AWS, Azure, or GCP environments.
Background in threat hunting, red team, or adversary simulation operations.
Experience supporting regulatory examinations, external audits, or legal discovery and litigation‑support proceedings.
Familiarity with financial services threat actor profiles and associated TTPs.
Experience with Malware Analysis
Beyond basic triage (static and dynamic analysis).
Travel Percent
0%
Compensation
The base pay for this role will depend on where you work and the relevant experience and expertise you bring. The expected range of pay for this role by location is:
Primary Location: Scottsdale, Arizona ($169,500.00 - $251,900.00 Annually)
Additional Locations: Chicago, Illinois ($178,500.00 - $265,100.00 Annually); Austin, Texas ($178,500.00 - $265,100.00 Annually)
Additional compensation may include an annual performance bonus, equity, or other incentive compensation, as applicable.
Equal Employment Opportunity
PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact paypalglobaltalentacquisition@paypal.com.
#J-18808-Ljbffr