Many companies offer payroll and human capital management (HCM) solutions, but Paylocity takes technology to the next level. We've evolved beyond HCM to a next-generation employee experience platform. With uniquely designed solutions to help companies engage employees, we've changed how and where work gets done and created a personalized work environment. Join Paylocity as we continue to transform the future of technology!
We give our employees what they need to succeed, including great benefits and perks! We offer medical, dental, vision, life, disability, and a 401(k) match, as well as perks that support you, your family, and your finances. And if it's career development you desire, we provide that, too! At Paylocity, people matter most and have always been at the heart of our business.
Help Paylocity enhance communication and enable employees to connect, collaborate, and create from anywhere with a position in Product & Technology!
Want to develop the strategies and principles needed to deliver compelling software? Join our team and help us enhance our all-in-one software platform, elevate our one-of-a-kind technology, and improve the employee experience.
Take your career to the next level at one of G2's Top 100 Software Companies. Explore our Product & Technology positions to see where you fit!
The DevSecOps Manager is a key member of the Information Security leadership team at Paylocity. He or she is accountable for the ensuring that the DevSecOps team delivers on its mission of ensuring that Paylocity's applications are architected and built in a manner that adequately safeguards the confidentiality, integrity, and availability of client information. The DevSecOps Manager may be called upon to serve as the acting leader of Application Security from time to time when the Application Security Senior Manager is absent.
The below represents the primary duties of the position, others may be assigned as needed. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
From a delivery management perspective, the DevSecOps Manager:
- Manages major application security projects and initiatives to their successful conclusion, on time and within budget
- Manages the schedule for application security service delivery, ensuring that work is evenly distributed, and internal partners are satisfied with timeliness
- Actively meets expectations of internal partners related to application security service delivery
- Ensures team's expenses are aligned to overall Information Security department's budget
- Ensures that metrics and key performance indicators (KPIs) for application security service delivery are created and maintained
- Works towards embedding application security considerations and processes into Paylocity's software development lifecycle
- Manages the relationships between Paylocity and its application security vendors, e.g., application security tool suppliers such as Static and Dynamic Testing tool providers etc.
- Sets goals and objectives for the DevSecOps team and uses risk-based approach to prioritization
- Stays on top of changes in Paylocity's applications and technical architecture to identify changes in areas of excessive risk and to assist with resource allocation
- Regularly communicates the current status of service delivery, projects, initiatives, morale, etc. to the AppSec Senior Manager and other stakeholders, as necessary
- Finds ways to scale up application security service delivery by embedding security tasks within roles outside of the DevSecOps team, e.g., Software Engineers, QA professionals
- Ensures Paylocity applications are regularly scanned for security related bugs or design flaws
- Ensures that all Paylocity Product Development personnel are trained on secure design and coding techniques
- Is ultimately responsible and accountable for the delivery of application security services and the successful completion of security projects
- Advocates the need for and importance of security and automation to all departments throughout Paylocity
- Uses influence and persuasion to get those outside of his or her direct control to take actions that benefit Paylocity's overall security posture
- Addresses & de-escalates application security related issues in a timely manner
- Disseminates sharable information learned from senior security leadership and other Paylocity leaders to the members of the DevSecOps team
- Actively advocates for the needs and desires of the DevSecOps team while simultaneously balancing those needs and desires with those of other teams within the Information Security department and Paylocity as a whole
- Assists individual staff members in setting specific, measurable, achievable, realistic, and timely performance and professional development goals and objectives
- Maintains team morale through celebrations of success, equal distribution of interesting project work, individual recognition, etc.
- Holds one-on-one meetings with each member of the DevSecOps team on at least a weekly basis
- Discusses progress against stated goals and objectives with each member of the DevSecOps team on at least a quarterly basis
- Writes well-articulated performance reviews and delivers those performance reviews to each member of the DevSecOps team at least once annually
- Monitors individual performance levels and works to provide timely and accurate feedback
- Hosts occasional team building exercises / events to celebrate success, maintain morale, or improve team cohesiveness
- Suggests individual promotions, demotions, compensation changes, and bonuses in line with the Information Security budget and individual performance levels
- 5-7 years of experience within an application security role
- Bachelor's degree with a preference for computer science, information security, management information systems, or similar major required
- Master's degree (MBA or MS) is preferred, but not required
- At least one professional certification such as the Security+, CISSP, CSSLP, C|EH, and / or OSCP
- Knowledge of agile development frameworks and DevOps
- Previous people management experience
- Strong project management skills
- Budget management experience preferred
- Service management / delivery knowledge preferred
- Knowledge of process design and improvement methods preferred
- Strong communication skills (written and verbal) including public speaking
- Experience with application security tools such as static application security testing (SAST) software, dynamic application security testing (DAST) software, web application firewalls (WAF), open source security testing tools (SCA), etc.
- Experience in a payroll, technology, or software company preferred
Paylocity is committed to the full inclusion of all individuals. We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. To request reasonable accommodation in the job application or interview process, please contact [email protected]
This role can be performed from any office in the US. The pay range for this position in Colorado is $148,000 - $229,000 /yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus and restricted stock unit grant based on individual performance in addition to a full range of benefits outlined here. This information is provided per the Colorado Equal Pay for Equal Work Act. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers.
#LI-Tech #LI-Remote #LI-InfoSec