Associate DevSecOps Engineer at Paylocity
Don't just land a job. Launch your future.
Our all-in-one software platform gives HR pros a way to easily manage daily tasks in payroll, benefits, talent, and workforce management.
But what makes us different is that our technology is backed by a culture that cares. We care about our team members, clients, and partners - because people matter most. And people have always been at the heart of our business.
Since our founding in 1997, this is the thing that's stayed the same, from our employees to the millions of users nationwide that access our platform. We pride ourselves on partnering with our clients to build the workplace they and their employees crave.
Let's go forward together.
The Associate Software Security Engineer is responsible for understanding and providing guidance to internal teams on best practices in software security and architecture for Paylocity's Information Systems. Responsibilities will also include development and maintenance of internal application security tools, and performing threat modeling, static analysis, and dynamic analysis of our web and mobile applications.
Reports To: Sr. Manager, Application Security
The below represents the primary responsibilities of the position. Other duties may be assigned as needed.
- Develop and maintain internal application security tooling.
- Automate security testing and vulnerability management procedures where reasonable.
- Integrate security into the build/deployment process.
- Promote a proactive approach to addressing the changing threat landscape by recommending and implementing architectural improvements to security infrastructure.
- Perform vulnerability research, assessment, and management, serve as a technical security/risk advisor on all new technologies used/developed at Paylocity such as cloud, session management, SSO, database, WAF, Opensource libraries.
- Support offensive security professionals by suggesting remediation strategies for reported vulnerabilities.
- Assist developers in remediating vulnerabilities by providing line-by-line guidance.
- Provide training and education to developers on software security best practices in various cloud-based systems.
- Utilize dynamic application vulnerability scanning using tools like White Hat Sentinel, IBM AppScan, HP WebInspect, Netsparker, AppSpider, or Cenzic Hailstorm.
- Utilize static application vulnerability scanning using tools like HP Fortify, Checkmarx, Veracode, Coverity, etc.
- Bachelors' Degree in InfoSec, Computer Science, or a related discipline.
- Minimum 0-3 years' experience with software development.
- Working knowledge of SQL.
- Basic understanding of developing and working with Web APIs.
- Ability to learn Static Code Scanning tools.
- Experience in performing security assessments on cloud-based multi-tenant Software-as-a-Service (SaaS) applications running on the .NET platform.
- Experience in assessing security of native and hybrid mobile applications beyond the use of automated tools.
- Experience developing in .NET is a plus.
- Experience with NoSQL/MongoDB is a plus.
- Experience with message-based systems (RabbitMQ/NServiceBus/etc.) is a plus.
- Experience in at least one scripting language (Python/Ruby/Perl/PHP) is a plus.
- Functional knowledge of container-based application infrastructure with Docker is a plus.
Our journey forward.
Paylocity strives to create an organizational culture where every employee has a voice, feels truly welcome, appreciated, and free to be themselves, and is empowered and enabled to do their best work. A strong commitment to diversity, equity, and inclusion is critical to creating such a culture.
We've made great strides to support diversity, equity, and inclusion. That being said, we realize there's still room for improvement. Our current focus is on the following initiatives:
- Education & Awareness
- Client Community
- Company Representation
- Advocacy & Support
- Fairness & Equality
- PCTY Gives
This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.
This role can be performed from any office in the US. The pay range for this position in Colorado is $75,000 - $105,000/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus based on individual performance in addition to a full range of benefits outlined here. This information is provided per the Colorado Equal Pay for Equal Work Act. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers.