Description

Delivering one-of-a-kind cloud technology, accompanied by award winning customer service, Paylocity is a software development company in a category of its own.  We are a publicly traded company that offers an Employee Stock Purchase Program (ESPP) which enables employees to share in the long-term growth and future success of the company.

Poised to revolutionize the world of human capital management for hundreds of thousands of small and medium sized businesses, we are seeking the best and the brightest to help us create the future of our talent solutions – enabling our customers to better develop their employees and supervisors. 

The Associate Penetration Tester is responsible for verifying that our cloud based Software-as-a-Service (SaaS) web applications are secure. The role involves performing threat modeling, security assessments, and ethical hacking of our web applications. In addition, the Associate Penetration Tester will be producing reports that document the risk of vulnerabilities identified by security assessments and penetration tests for each product team and our auditors. 

Are you the leader we are looking for?

Who you are:

• Well versed in security issues affecting financial service organizations as well as widespread data center operations, such as cloud and mobile technology solutions

• Committed to an ongoing partnership with other high profile groups within the organization (e.g. software development) to insure information security objectives are being understood and embraced

• Established presence within information security communities

• Ability to anticipate problems and recommend decisive action

• Excellent communication skills (both written and oral)

How we work:

• Casual, collaborative environment which embraces and operates under our shared principles  

• Complete transparency with open, honest discussions about our progress 

• Close working relationships across all areas of the organization

• Focus on outcomes and learning

What we offer:

• A strong commitment to Information Security both financially and organizationally  

• An existing talented and passionate Information Security team 

• The chance to meaningfully contribute to a vast market opportunity

• A collaborative environment where our security team is empowered to help steer the direction of the team

• A place to contribute your security knowledge company-wide through forum panels with our product development team  

• Annual training allowance to learn new things and bring it back to the team.

• Flexible remote work schedule

• Employee Stock Purchase Program (ESPP) which enables employees to share in the long-term growth and future success of the company

Requirements

Required Experience: 

• Must have a Bachelor’s degree

• Be passionate about information security and privacy

• Ability to evangelize regarding the importance of information security

• Possess excellent communication skills (both written and oral)

• Be self-driven, creative, and resourceful

• 0 to 2 years of experience in one of the following - software development, security testing, vulnerability assessment

• Be familiar with TCP/IP and networking concepts

• Knowledge of the software development lifecycle and the ability to create and read code in a modern object-oriented programming language (such as ASP.net/C# or Python) and writing SQL scripts and web code (HTML/JavaScript/etc.)

• Have basic understanding of OWASP Top 10, Testing Guide, ASVS and other software security best practices

• Knowledge of penetration testing against a wide variety of application layer platforms, including web, mobile, thick client, and Reverse Engineering, above and beyond running automated tools

• Basic understanding of REST API, Security Testing, DAST and SAST tools

• Ability to perform both manual and automated code reviews

• General understanding of some of the following security tools – Burp Suite, ZAP, SQLMap, SQLNinja, Metasploit, Nessus, Wireshark, nmap, tcpdump, OSINT, Recon-ng, mimikatz, responder, maltego, aircrack-ng, Cain and Abel, JTR, hashcat, hydra, SET, Nikto, dirbuster, golismero, theHarvester, BeEf, Sparta, wfuzz

• Candidates with personal projects and opensource contributions will be preferred

• Willingness to obtain industry relevant certifications such as CEH, Security+, OSCP, CSSLP

Paylocity’s Awards:

• Glassdoor's Employees Choice Award in 2014

• 7-time Winner on Chicago Area's 101 Best and Brightest Companies to Work For

• Inc Magazine listed Paylocity as an Inc 5000 Fastest Growing Privately Held Firm from 2007-2013

• Ranked #14 on Built in Chicago Top 100 Digital Companies for 2014

• Ranked #24 on Forbes 2013 List of Top 100 Digital Companies in Chicago 

• Ranked #38 on Crain's Fast Fifty List of Chicago's Fastest Growing Companies in 2014

• Ranked #334 on Deloitte's 2014 Technology Fast 500 List of Fastest Growing Companies in North America