The DevSecOps Engineer is responsible for understanding and providing guidance to internal teams on best practices in software security and architecture for Paylocity’s Information Systems. Responsibilities will also include development and maintenance of internal application security tools, and performing threat modeling, static analysis, and dynamic analysis of our web and mobile applications.

The below represents the primary responsibilities of the position. Other duties may be assigned as needed.  

• Develop and maintain internal application security tooling.

• Automate security testing and vulnerability management procedures where reasonable.

• Integrate security into the build/deployment process.

• Promote a proactive approach to addressing the changing threat landscape by recommending and implementing architectural improvements to security infrastructure.

• Provide expert guidance and recommendations for strategic and tactical security architecture topics through risk advisory services.

• Perform vulnerability research, assessment and management, serve as a technical security/risk advisor on all new technologies used/developed at Paylocity such as cloud, session management, SSO, database, WAF, Opensource libraries.

• Support offensive security professionals by suggesting remediation strategies for reported vulnerabilities.

• Assist developers in remediating vulnerabilities by providing line-by-line guidance.

• Provide training and education to developers on software security best practices in various cloud-based systems.

• Utilize dynamic application vulnerability scanning using tools like White Hat Sentinel, IBM AppScan, HP WebInspect, Netsparker, AppSpider, or Cenzic Hailstorm.

• Utilize static application vulnerability scanning using tools like HP Fortify, Checkmarx, Veracode, Coverity, etc.

Education and Experience

• Bachelors’ Degree in InfoSec, Computer Science, or a related discipline required

• Minimum 3-5 years’ experience with full-stack web development.

• In-depth knowledge of at least one JavaScript framework (React/Angular/etc.) or Vanilla JavaScript/JQuery.

• Working knowledge of SQL.

• Experience developing and working with Web APIs.

• Experience interpreting results from Static Code Scanning tools.