The Vulnerability Assessments Engineer is a key member of the Information Security team at Paylocity, reporting to the Manager – Vulnerability Assessments. He or she is accountable for ensuring that the Information Security team delivers on its mission: that Paylocity’s applications and infrastructure are architected and built in a manner that adequately safeguards the confidentiality, integrity, and availability of client information.
Performance Objectives
The primary responsibilities of the position follow. Other duties may be assigned as needed.
· Research, identify, assess, and prioritize vendor and third-party security advisories, and act as a bridge between Information Security and system owners to see remediation activities through to completion.
· Conduct vulnerability assessments of our organization’s networks, systems, and applications.
· Analyze vulnerability scan results to identify potential security risks.
· Develop and maintain vulnerability management processes, policies, and procedures.
· Collaborate with other teams to prioritize and remediate identified vulnerabilities.
· Conduct security assessments of third-party vendors and ensure that their security practices meet our organization’s standards.
· Keep up to date with the latest security threats and vulnerabilities and provide recommendations on how to mitigate them.
· Provide guidance and training to other teams on vulnerability management best practices.
· Provide technical advice to associate team members on attacks and perform peer review of penetration test reports.
· Coordinate independent application penetration tests executed by external security firms.
· Perform technical analysis on vulnerabilities emanating from Cloud Security Posture Management (CSPM) tools.
· Develop vulnerability remediation guidelines in consultation with the Cloud Security Team.
· Create vulnerability evaluation standards for consistent reporting of vulnerabilities across various platforms.
· Identify opportunities to automate repeatable tasks to solve the scale and sustainability challenges associated with vulnerability triage.
Education and Experience
· 4-6 years of experience within an information security role
· Bachelor’s degree in computer science, information security, management information systems, or a similar major is a plus
· Knowledge of vulnerability scanning tools and techniques
· Basic ability to script in one of the programming languages such as Python, Ruby, C#, Java, etc.
· Experience working with vulnerability scanning tools such as Tenable, Rapid7, Qualys, etc.
· Experience working with CVSS and the ability to research vulnerabilities independently from sources such as NVD, VulnDB, etc.
· Familiarity with security frameworks such as NIST, ISO 27001, and CIS Controls
· Professional certification such as Security+, CEH, OSCP, Agile Scrum, CSM, CSPO, PMI-ACP, or GSLC is a plus
· Strong knowledge of the IT ecosystem, ranging from hardware network devices, storage systems, workstations, mobile devices, and operating systems to application frameworks
· Intermediate knowledge of evolving technologies such as containers and cloud security
· Basic knowledge of common cloud platforms such as AWS, Azure, GCP, etc.
· Ability to evaluate cloud vulnerabilities reported by Cloud Security Posture Management (CSPM) tools such as Wiz and Prisma
· Stays up to date and current on new threats and new developments in the information security field
· Experience performing Web Application Security / Penetration Testing in accordance with OWASP standards such as ASVS, the Testing Guide, and the Mobile & API Top 10
· Experience writing Burp plugins or open-source security tools, presenting at security conferences, writing technical research papers, or publishing CVEs is a plus
· Experience working with Payroll, HR, Time & Labor Management, and Online Benefits Enrollment applications is a plus