Vulnerability Assessments Engineer

Paylocity is an award-winning provider of cloud-based HR and payroll software solutions, offering the most complete platform for the modern workforce. The company has become one of the fastest-growing HCM software providers worldwide by offering an intuitive, easy-to-use product suite that helps businesses automate and streamline HR and payroll processes, attract and retain talent, and build a strong workplace culture. 

While traditional HR and payroll providers automate basic HR processes such as payroll and benefits administration, Paylocity goes further by developing tools that HR and businesses need to compete for talent and deliver against the expectations of the modern workforce. 

We give our employees what they need to succeed, including great benefits and perks! We offer medical, dental, vision, life, disability, and a 401(k) match, as well as perks that support you, your family, and your finances. And if it’s career development you desire, we provide that, too! At Paylocity, people matter most and have always been at the heart of our business. 

Help Paylocity enhance communication and enable employees to connect, collaborate, and create from anywhere with a position in Product & Technology!

Want to develop the strategies and principles needed to deliver compelling software? Join our team and help us enhance our all-in-one software platform, elevate our one-of-a-kind technology, and improve the employee experience. 

Take your career to the next level at one of G2's Top 100 Software Companies. Explore our Product & Technology positions to see where you fit! 

Position Overview

The Vulnerability Assessments Engineer is a key member of the Information Security team at Paylocity, reporting to the Manager – Vulnerability Assessments. He or she is accountable for the ensuring that the Information Security team delivers on its mission of ensuring that Paylocity’s application and infrastructure are architected and built in a manner that adequately safeguards the confidentiality, integrity, and availability of client information. 

Performance Objectives

The primary responsibilities of the position follow.  Other duties may be assigned as needed.  

· Research, identify, asses, and prioritize vendor and third-party security advisories and acts as a bridge between Information Security and system owners to see through the remediation activities. 

· Conduct vulnerability assessments of our organization's networks, systems, and applications

· Analyze vulnerability scan results to identify potential security risks.

· Develop and maintain vulnerability management processes, policies, and procedures.

· Collaborate with other teams to prioritize and remediate identified vulnerabilities.

· Conduct security assessments of third-party vendors and ensure that their security practices meet our organization's standards.

· Keep up to date with the latest security threats and vulnerabilities and provide recommendations on how to mitigate them.

· Provide guidance and training to other teams on vulnerability management best practices.

· Provide technical advice to associate team members on attacks and perform peer review of penetration test reports.

· Coordinate independent application penetration tests executed by external security firms.

· Perform technical analysis on vulnerabilities emanating from Cloud Security Posture Management (CSPM) tools.

· Develop vulnerability remediation guidelines in consultation with Cloud Security Team

· Create vulnerability evaluation standards for consistent reporting of vulnerabilities across various platforms

· Identify opportunities to automate repeatable tasks to solve scale and sustainability challenges associated with vulnerability triage 

Education and Experience

· 4-6 years of experience within an information security role

· Bachelor’s degree in computer science, information security, management information systems, or similar major a plus

· Knowledge of vulnerability scanning tools and techniques

· Basic ability to script in one of the programming languages such as Python, Ruby, C#, Java, etc,. 

· Experience working with vulnerability scanning tools such as Tenable, Rapid7, Qualys, etc,. 

· Experience working with CVSS and ability to research vulnerabilities independently from source such as NVD, VulndDB, etc,. 

· Familiarity with security frameworks such as NIST, ISO 27001, and CIS Controls

· Professional certification such as the Security+, CEH, OSCP, Agile Scrum, CSM, CSPO, PMI-ACP,GSLC is a plus

· Strong knowledge of IT ecosystem ranging from hardware network devices, storage systems, workstations, mobile devices, operating systems, and application frameworks

· Intermediate knowledge of evolving technologies such as containers and cloud security

· Basic knowledge of common cloud platforms such as AWS, Azure, GCP, etc,.

· Ability to evaluate cloud vulnerabilities resulting from Cloud Security Posture Management(CSPM) Tools such as Wiz, Prisma

· Stays up to date and current on new threats and new developments in the information security field

· Experience performing Web Application Security / Penetration Testing in accordance with OWASP standards such as ASVS, Testing Guide, Mobile & API Top 10

· Experience with writing Burp plugins, opensource security tools, presenting at security conferences, writing technical research papers or publishing CVE is a plus

Experience working with Payroll, HR, Time & Labor Management, and Online Benefits Enrollment applications is a plus 

Paylocity is an equal-opportunity employer. Paylocity is committed to the full inclusion of all individuals. We recruit, train, compensate, and promote regardless of race, religion, color, national origin, sex, disability, age, veteran status, and other protected status as required by applicable law. At Paylocity, we believe diversity makes us better. 

We embrace and encourage our employees’ differences in age, culture, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion or spiritual belief, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique. We actively cultivate these differences through our employee resource groups (ERGs), employee experiences, perspectives, talents, and approaches to drive innovation in the software and services we provide our customers. 

We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. To request reasonable accommodation in the job application or interview process, please contact accessibility@paylocity.com. This email address is exclusively designated for such requests, aligning with federal and state disability laws. Please do not send resumes to this email address, as they will be removed. 

This role can be performed from any office in the US. The pay range for this position is $120,000 - $131,000 /yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus and restricted stock unit grant based on individual performance in addition to a full range of benefits outlined here. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers.