Senior Software Security Engineer (Remote) at Paylocity

Remote
Sorry, this job was removed at 4:33 p.m. (CST) on Monday, June 1, 2020

The Senior Software Security Engineer is responsible for understanding and providing guidance to internal teams on best practices in software security and architecture for Paylocity’s Information Systems. The Senior Software Engineer is also responsible for training and mentoring new Software Security Engineers on our internal application security tooling and automation, and in understanding our product ecosystem as a whole. Other responsibilities will include development and maintenance of internal application security tools, and performing threat modeling, static analysis, and dynamic analysis of our web and mobile applications.

 

Performance Objectives

  • Serve as a security thought leader for all internal application security tooling and automation.
  • Develop and maintain internal application security tooling.
  • Automate security testing and vulnerability management procedures where reasonable.
  • Create a culture of appsec-as-a-service through enablement with tooling and automation.
  • Integrate security into the build/deployment process.
  • Create a path for DevSecOps and spread awareness and adoption.
  • Promote a proactive approach to addressing the changing threat landscape by recommending and implementing architectural improvements to security infrastructure.
  • Provide expert guidance and recommendations for strategic and tactical security architecture topics through risk advisory services.
  • Perform vulnerability research, assessment and management; serve as a technical security/risk advisor on all new technologies used/developed at Paylocity, such as cloud, session management, SSO, database, WAF, and open-source libraries.
  • Support offensive security professionals by suggesting remediation strategies for reported vulnerabilities.
  • Assist developers in remediating vulnerabilities by providing line-by-line guidance.
  • Provide training and education to developers on software security best practices in various cloud-based systems.
  • Evaluate, procure, implement and tune dynamic application vulnerability scanning using tools like WhiteHat Sentinel, IBM AppScan, HP WebInspect, Netsparker, AppSpider, or Cenzic Hailstorm.
  • Evaluate, procure, implement and tune static application vulnerability scanning using tools like HPE Fortify, Checkmarx, Veracode, Coverity, etc.

Education and Experience

  • Bachelor’s degree in InfoSec, Computer Science, or a related discipline.
  • Minimum 5-7 years’ experience with full-stack web development.
  • In-depth knowledge of at least one JavaScript framework (React/Angular/etc.) or vanilla JavaScript/jQuery.
  • Working knowledge of SQL.
  • Experience with message-based systems (RabbitMQ/NServiceBus/etc.).
  • Experience developing and working with Web APIs.
  • Experience interpreting results from Static Code Scanning tools.
  • Strong knowledge of Security Token Services, Federated Identity Providers, SAML 2.0, claims-based security and other SSO technologies.
  • Experience with creating and maintaining Threat Models at scale.
  • Experience with securing database platforms.
  • Experience in remediating security vulnerabilities beyond OWASP Top 10.
  • Experience in performing security assessments on cloud-based multi-tenant Software-as-a-Service (SaaS) applications running on the .NET platform.
  • Experience in assessing security of native and hybrid mobile applications beyond the use of automated tools.

Nice to have:

  • Master’s degree in InfoSec, Computer Science, or a related discipline, or ability to obtain industry-relevant cybersecurity certifications such as CSSLP, CISSP, CCSP, OSCP, CEH is a plus.
  • Experience developing in .NET is a plus.
  • Experience with NoSQL/MongoDB is a plus.
  • Experience in at least one scripting language (Python/Ruby/Perl/PHP/etc.) is a plus.
  • Functional knowledge of container-based application infrastructure with Docker is a plus.
  • Experience working with Payroll, HR, Time & Labor Management, and Online Benefits Enrollment applications is a plus.
  • Experience with writing Burp plugins or open-source security tools, presenting at security conferences, writing technical research papers or publishing CVEs is a plus.


Technology we use

  • Engineering
    • C++ (Languages)
    • Java (Languages)
    • JavaScript (Languages)
    • SQL (Languages)
    • Access (Databases)
    • Microsoft SQL Server (Databases)
    • Oracle (Databases)

Location

Our office has modern workspaces, a cafe, and a gym. But since we're a talent-anywhere company, you may find our team members all over Chicagoland.

What are Paylocity Perks + Benefits

Paylocity Benefits Overview

Our commitment to hiring the best and brightest employees with a “talent anywhere” strategy means that no matter where you’re located around the country, you can be a part of our growing tech department.

• Enjoy an attitude of trust to work remotely, manage your own schedule and be productive
• Work in small, cross-functional product-oriented teams
• Showcase development progress in two-week sprints with strong executive involvement
• Embrace the freedom to innovate, voice opinions and share new ideas

Culture

  • Volunteer in local community
  • Partners with Nonprofits
  • Friends outside of work
  • Eat lunch together
  • Open door policy
  • Team owned deliverables
  • Team based strategic planning
  • Group brainstorming sessions
  • Open office floor plan

Diversity

  • Highly diverse management team
  • Unconscious bias training
  • Someone's primary function is managing the company’s diversity and inclusion initiatives

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Wellness Programs
  • Onsite Gym

Retirement & Stock Options Benefits

  • 401(K)
  • 401(K) Matching
  • Company Equity
  • Employee Stock Purchase Plan
  • Performance Bonus

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program
    • We have a talent anywhere culture, where employees can work anywhere in the US and/or work from one of three US offices located in Illinois, Florida, and Idaho.
  • Family Medical Leave
  • Adoption Assistance
  • Company sponsored family events
    • Acme Co. sponsors family-oriented events annually.

Vacation & Time Off Benefits

  • Generous PTO
  • Paid Volunteer Time
  • Paid Holidays
  • Paid Sick Days

Perks & Discounts

  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Game Room
  • Stocked Kitchen
  • Some Meals Provided
  • Happy Hours
  • Parking
  • Recreational Clubs
  • Fitness Subsidies

Professional Development Benefits

  • Job Training & Conferences
  • Tuition Reimbursement
  • Diversity Program
  • Lunch and learns
    • Acme Co. hosts lunch and learn meetings on occasion.
  • Cross functional training encouraged
  • Promote from within
  • Mentorship program
    • Our mentorship program includes 1-to-1 program, Cross-department program, Leadership mentoring.
  • Online course subscriptions available