Offensive Security Engineer (Remote) at Paylocity

Remote
Sorry, this job was removed at 5:22 p.m. (CST) on Tuesday, June 23, 2020

This role will produce reports that document the risk of vulnerabilities identified by security assessments and penetration tests for each Product Team and our auditors. The Senior Offensive Security Engineer will also be responsible for training new Offensive Security Engineers on testing our web applications. The role will also play a key part in the Product Development Community of Practices, instructing others on the practice of security testing and working directly with Product Teams to ensure that all team members are aware of secure development best practices.

Performance Objectives

The following are the primary responsibilities of the position. Other duties may be assigned as needed.

  • Perform adversarial simulations which may include internet, intranet, wireless, web application, API, cloud, container security, social engineering, and physical penetration testing.
  • Build appropriate test environments to enable effective security testing and help with automating security assessments and penetration tests where technically feasible
  • Help evaluate, procure, implement and tune dynamic application vulnerability scanning using tools like WhiteHat Sentinel, IBM AppScan, HP WebInspect, Netsparker, AppSpider, or Cenzic Hailstorm
  • Help evaluate, procure, implement and tune static application vulnerability scanning using tools like HPE Fortify, Checkmarx, Veracode, Coverity, etc.
  • Perform Open Source Intelligence Techniques (OSINT) to find unintended exposure of digital assets; leverage available resources to develop custom tools
  • Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
  • Develop clear, detailed reports and recommendations based on concrete evidence from security assessments
  • Engage and educate product teams on penetration testing procedures and application security best practices
  • Develop, implement and update security best practices in step with the constantly changing threat landscape
  • Debrief users and provide remediation strategy on findings.
  • Work closely with Product Teams to help improve application security posture.
  • Provide technical advice to associate team members on attacks and perform peer review of penetration test reports
  • Communicate technical security concepts to technical and non-technical audiences including executives.
  • Coordinate independent application penetration tests executed by external security firms
  • Implement new ideas and innovations according to industry trends.

Education and Experience

  • Minimum 3-5 years of experience performing adversarial simulations such as security assessments and penetration testing on cloud-based multi-tenant Software-as-a-Service (SaaS) applications
  • Bachelor’s degree with a preference for computer science, information security, management information systems, or a similar major, or an Offensive Security credential such as OSCP, OSCE, OSWE, or OSEE
  • Information security certifications (GPEN, CEH, CISSP, GWAPT, CSSLP, CCSP, PenTest+) are a plus
  • Experience working with independent security professionals performing penetration testing
  • Experience pentesting native and hybrid mobile applications beyond the use of automated tools
  • Experience interpreting results from Static Code Scanning tools
  • Experience performing Web Application Security / Penetration Testing in accordance with OWASP standards such as ASVS, Testing Guide, Mobile & API Top 10
  • Functional knowledge of Security Token Services, Federated Identity Providers, SAML 2.0, claims-based security and other SSO technologies is a plus
  • Experience in leading a pentest engagement in a high-pressure environment
  • Experience with articulating technical findings to an executive audience
  • Experience with writing Burp plugins or open-source security tools, presenting at security conferences, writing technical research papers or publishing CVEs is a plus
  • Experience working with Payroll, HR, Time & Labor Management, and Online Benefits Enrollment applications is a plus
  • Experience in performing Red Team Engagements is a plus
  • Functional knowledge of container-based application infrastructure such as Kubernetes or Docker Swarm is a plus

 


Technology we use

  • Engineering
    • Languages: C++, Java, JavaScript, SQL
    • Databases: Access, Microsoft SQL Server, Oracle

Location

Our office has modern workspaces, a cafe, and a gym. But since we're a talent-anywhere company, you may find our team members all over Chicagoland.

What are Paylocity Perks + Benefits

Paylocity Benefits Overview

Our commitment to hiring the best and brightest employees with a “talent anywhere” strategy means that no matter where you’re located around the country, you can be a part of our growing tech department.

• Enjoy an attitude of trust to work remotely, manage your own schedule and be productive
• Work in small, cross-functional product-oriented teams
• Showcase development progress in two-week sprints with strong executive involvement
• Embrace the freedom to innovate, voice opinions and share new ideas

Culture

  • Volunteer in local community
  • Partners with nonprofits
  • Friends outside of work
  • Eat lunch together
  • Open door policy
  • Team owned deliverables
  • Team based strategic planning
  • Group brainstorming sessions
  • Open office floor plan

Diversity

  • Highly diverse management team
  • Unconscious bias training
  • Someone's primary function is managing the company’s diversity and inclusion initiatives

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Wellness Programs
  • Onsite Gym

Retirement & Stock Options Benefits

  • 401(K)
  • 401(K) Matching
  • Company Equity
  • Employee Stock Purchase Plan
  • Performance Bonus

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program: We have a talent anywhere culture, where employees can work anywhere in the US and/or work from one of three US offices located in Illinois, Florida, and Idaho.
  • Family Medical Leave
  • Adoption Assistance
  • Company sponsored family events: Acme Co. sponsors family-oriented events annually.

Vacation & Time Off Benefits

  • Generous PTO
  • Paid Volunteer Time
  • Paid Holidays
  • Paid Sick Days

Perks & Discounts

  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Game Room
  • Stocked Kitchen
  • Some Meals Provided
  • Happy Hours
  • Parking
  • Recreational Clubs
  • Fitness Subsidies

Professional Development Benefits

  • Job Training & Conferences
  • Tuition Reimbursement
  • Diversity Program
  • Lunch and learns: Acme Co. hosts lunch and learn meetings on occasion.
  • Cross functional training encouraged
  • Promote from within
  • Mentorship program: Our mentorship program includes a 1-to-1 program, a cross-department program, and leadership mentoring.
  • Online course subscriptions available