Senior Threat Detection Engineer

Paylocity is an award-winning provider of cloud-based HR and payroll software solutions, offering the most complete platform for the modern workforce. The company has become one of the fastest-growing HCM software providers worldwide by offering an intuitive, easy-to-use product suite that helps businesses automate and streamline HR and payroll processes, attract and retain talent, and build a strong workplace culture.

While traditional HR and payroll providers automate basic HR processes such as payroll and benefits administration, Paylocity goes further by developing tools that HR and businesses need to compete for talent and deliver against the expectations of the modern workforce.

We give our employees what they need to succeed, including great benefits and perks! We offer medical, dental, vision, life, disability, and a 401(k) match, as well as perks that support you, your family, and your finances. And if it’s career development you desire, we provide that, too! At Paylocity, people matter most and have always been at the heart of our business.

Help Paylocity enhance communication and enable employees to connect, collaborate, and create from anywhere with a position in Product & Technology!

Want to develop the strategies and principles needed to deliver compelling software? Join our team and help us enhance our all-in-one software platform, elevate our one-of-a-kind technology, and improve the employee experience.

Take your career to the next level at one of G2's Top 100 Software Companies. Explore our Product & Technology positions to see where you fit!

Who you are: 

Reporting to the Threat Management Leader within the larger Security Operations Team, the Senior Detection and SIEM Engineer is an expert in SIEM, SOAR, and platform logs. A keen understanding of detection logic, threat analysis, threat hunting, IOCs, and search/query languages are required to be successful in this role. Detection Engineering refers to the processes, practices, and services necessary to make our investments in threat detection platforms pay off. It is the link between security event analysis, incident response and the SIEM and other detection platforms (among others). The role focuses on helping prioritize log sources, improving the signal-to-noise ratio, deploying and administering SIEM and other detection tools, and ensuring the Cyber Threat Operations Team has the monitoring visibility needed to be successful in its mission.

General Attributes and Responsibilities:

• Must be able to work with all levels of individual contributors and leaders
• Must be able to manage time and resources against high-level goals and strategies
• Must be able to manage relationships with third-party vendors and support staff
• Must be able to work in a collaborative fashion with a willingness to share ideas and drive continuous improvement
• Must be entrepreneurial and a self-starter: if you have ideas for improvement, seek to suggest and execute
• Must provide authoritative technical point-of-view for project and roadmap development/planning in the SIEM and Detection space

Detection SME:

• Collaborate with IT and Security teams to build and improve capabilities to effectively detect and respond to security incidents or other high value activities
• Perform analysis against logs from a variety of sources to identify potential threats and detection ideas while also managing the signal-to-noise ratio
• Design, implement, and fine-tune advanced detection mechanisms to proactively identify potential security threats
• Periodically review the Detection Engineering workstreams, assessing them for maturing and assisting management in prioritizing program growth and improvements

SOAR SME:

• Design, build, and maintain workflows and automations that auto-resolve incidents as appropriate
• Design, build, and maintain workflows and actions that enrich incidents to increase investigative scaling, decrease response times, and improve efficiency of analysis

SIEM SME:

• Manage daily care and feeding of the SIEM tool, as well as assisting peers in managing other detection tools 
• Lead and execute log ingestion efforts to ensure relevant logs are identified and prioritized for correlation
• Design and carry out enablement of other security functions and outcomes such as purple teaming and threat hunting
• Assist with proof-of-concepts or implementation of security tooling and platforms 
• Serve as Tier 4 for Threat Management workstreams as appropriate and assigned by manager
• Perform analysis against logs from differing sources to improve security-relevant logging pipelines
• Prioritize and champion “store only what is needed” strategies to help control SIEM costs
• Together with Senior Cyber Threat Analysts, document response actions and tasks for effective handling of threat investigation and response (triage playbooks)

The Ideal Candidate Will Possess: 

• A bachelor's degree and 6+ years' experience in any combination of cyber threat analysis, SIEM engineering, detection engineering, threat hunting, purple teaming, and threat intelligence 
• Excellent written and verbal communication, strong interpersonal skills  
• Advanced experience with SIEM and SOAR platforms such as SPLUNK, Exabeam, QRadar, etc. Experience with Exabeam and Crowdstrike a plus
• Demonstrated proficiency in understanding and executing enterprise architecture and software development life cycle methodologies 
• Comfortable with performing proof of concepts and technical evaluations 
• Knowledge of IT environments including servers, endpoints, cloud, security platforms and ecosystems, remote working environments, and CI/CD pipelines
• Experience with Linux operating systems (Ubuntu, Centos/Redhat)  
• Demonstrated hands-on technical knowledge of Active Directory including permissions, Group Policy, etc.  
• Experience with layer-2 and layer-3 networking protocols and managed networking equipment i.e. switches, routers, firewalls 
• Technical knowledge of M365 services including Exchange Online, Power BI, SharePoint, and O365 
• Advanced experience with Microsoft Entra ID, Windows Defender alerting
• Strong Background in automation including web APIs (REST, PowerShell, Python preferred)  
• Technical knowledge of VMware (vSphere, ESX, etc.)  
• Proven experience with Cloud platforms (AWS, Azure, Google Cloud, etc.) 

Paylocity is an equal-opportunity employer. Paylocity is committed to the full inclusion of all individuals. We recruit, train, compensate, and promote regardless of race, religion, color, national origin, sex, disability, age, veteran status, and other protected status as required by applicable law. At Paylocity, we believe diversity makes us better.

We embrace and encourage our employees’ differences in age, culture, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion or spiritual belief, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique. We actively cultivate these differences through our employee resource groups (ERGs), employee experiences, perspectives, talents, and approaches to drive innovation in the software and services we provide our customers.

We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. To request reasonable accommodation in the job application or interview process, please contact accessibility@paylocity.com. This email address is exclusively designated for such requests, aligning with federal and state disability laws. Please do not send resumes to this email address, as they will be removed.

This role can be performed from any office in the US. The pay range for this position is $118k - $160/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual restricted stock unit grant based on individual performance in addition to a full range of benefits outlined here. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers. 

#LIremote