
Job Information

Paylocity Application Security Engineer in Remote, United States

Paylocity is an award-winning provider of cloud-based HR and payroll software solutions, offering the most complete platform for the modern workforce. The company has become one of the fastest-growing HCM software providers worldwide by offering an intuitive, easy-to-use product suite that helps businesses automate and streamline HR and payroll processes, attract and retain talent, and build a strong workplace culture.

While traditional HR and payroll providers automate basic HR processes such as payroll and benefits administration, Paylocity goes further by developing tools that HR and businesses need to compete for talent and deliver against the expectations of the modern workforce.

We give our employees what they need to succeed, including great benefits and perks! We offer medical, dental, vision, life, disability, and a 401(k) match, as well as perks that support you, your family, and your finances. And if it’s career development you desire, we provide that, too! At Paylocity, people matter most and have always been at the heart of our business.

Help Paylocity enhance communication and enable employees to connect, collaborate, and create from anywhere with a position in Product & Technology!

Want to develop the strategies and principles needed to deliver compelling software? Join our team and help us enhance our all-in-one software platform, elevate our one-of-a-kind technology, and improve the employee experience.

Take your career to the next level at one of G2's Top 100 Software Companies. Explore our Product & Technology positions to see where you fit!

Position Overview

The DevSecOps Engineer is responsible for understanding and providing guidance to internal teams on best practices in software security and architecture for Paylocity’s Information Systems. Responsibilities will also include development and maintenance of internal application security tools, and performing threat modeling, static analysis, and dynamic analysis of our web and mobile applications.

Performance Objectives

The below represents the primary responsibilities of the position. Other duties may be assigned as needed.

· Develop and maintain internal application security tooling.

· Automate security testing and vulnerability management procedures where reasonable.

· Integrate security into the build/deployment process.

· Promote a proactive approach to addressing the changing threat landscape by recommending and implementing architectural improvements to security infrastructure.

· Provide expert guidance and recommendations for strategic and tactical security architecture topics through risk advisory services.

· Perform vulnerability research, assessment, and management; serve as a technical security/risk advisor on all new technologies used or developed at Paylocity, such as cloud, session management, SSO, database, WAF, and open-source libraries.

· Support offensive security professionals by suggesting remediation strategies for reported vulnerabilities.

· Assist developers in remediating vulnerabilities by providing line-by-line guidance.

· Provide training and education to developers on software security best practices in various cloud-based systems.

· Perform dynamic application vulnerability scanning using tools like WhiteHat Sentinel, IBM AppScan, HP WebInspect, Netsparker, AppSpider, or Cenzic Hailstorm.

· Perform static application vulnerability scanning using tools like HP Fortify, Checkmarx, Veracode, Coverity, etc.

Education and Experience

· Bachelor’s degree in InfoSec, Computer Science, or a related discipline required.

· Minimum 3-5 years’ experience with full-stack web development.

· Experience with advanced script work (OOP, classes, packages) in Python.

· In-depth knowledge of at least one JavaScript framework (React/Angular/etc.) or vanilla JavaScript/jQuery.

· Working knowledge of SQL.

· Experience developing and working with Web REST APIs.

· Experience interpreting results from Static Code Scanning tools.

· Strong knowledge of Security Token Services, Federated Identity Providers, SAML 2.0, claims-based security and other SSO technologies.

· Experience with creating and maintaining Threat Models at scale.

· Experience with securing database platforms.

· Experience in remediating security vulnerabilities beyond OWASP Top 10.

· Experience in performing security assessments on cloud-based multi-tenant Software-as-a-Service (SaaS) applications running on the .NET platform.

· Experience in assessing security of native and hybrid mobile applications beyond the use of automated tools.

Nice to have:

· Experience developing in .NET.

· Experience with NoSQL/MongoDB.

· Experience working with GraphQL APIs.

· Experience with message-based systems (RabbitMQ/NServiceBus/etc.).

· Experience in at least one additional scripting language (Ruby/Perl/PHP/etc.).

· Experience with AWS and AWS CDK.

· Functional knowledge of container-based application infrastructure with Docker.

· Experience working with Payroll, HR, Time & Labor Management, and Online Benefits Enrollment applications.

· Experience with writing Burp plugins or open-source security tools, presenting at security conferences, writing technical research papers, or publishing CVEs.

· Experience leading a project.

Paylocity is an equal-opportunity employer. Paylocity is committed to the full inclusion of all individuals. We recruit, train, compensate, and promote regardless of race, religion, color, national origin, sex, disability, age, veteran status, and other protected status as required by applicable law. At Paylocity, we believe diversity makes us better.

We embrace and encourage our employees’ differences in age, culture, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion or spiritual belief, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique. We actively cultivate these differences through our employee resource groups (ERGs), employee experiences, perspectives, talents, and approaches to drive innovation in the software and services we provide our customers.

We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. To request reasonable accommodation in the job application or interview process, please contact accessibility@paylocity.com. This email address is exclusively designated for such requests, aligning with federal and state disability laws. Please do not send resumes to this email address, as they will be removed.

This role can be performed from any office in the US. The pay range for this position is $85,000 - $131,000/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus and restricted stock unit grant based on individual performance, in addition to a full range of benefits outlined here (https://rise.articulate.com/share/NWT-xukAz2nsMapN3L3TSRXfxzBGrFh_#/). This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers.
