Senior Security Engineer- Web Application Firewall

Job Description

Job Description

Description:

Paylocity is an award-winning provider of cloud-based HR and payroll software solutions, offering the most complete platform for the modern workforce. The company has become one of the fastest-growing HCM software providers worldwide by offering an intuitive, easy-to-use product suite that helps businesses automate and streamline HR and payroll processes, attract and retain talent, and build a strong workplace culture.

While traditional HR and payroll providers automate basic HR processes such as payroll and benefits administration, Paylocity goes further by developing tools that HR and businesses need to compete for talent and deliver against the expectations of the modern workforce.

We give our employees what they need to succeed, including great benefits and perks! We offer medical, dental, vision, life, disability, and a 401(k) match, as well as perks that support you, your family, and your finances. And if it’s career development you desire, we provide that, too! At Paylocity, people matter most and have always been at the heart of our business.

Help Paylocity enhance communication and enable employees to connect, collaborate, and create from anywhere with a position in Product & Technology!

Want to develop the strategies and principles needed to deliver compelling software? Join our team and help us enhance our all-in-one software platform, elevate our one-of-a-kind technology, and improve the employee experience.

Take your career to the next level at one of G2's Top 100 Software Companies. Explore our Product & Technology positions to see where you fit!

This is a fully remote position, allowing you to work from home or location of record within the U.S. with no in-office requirements. You must be available five days per week during designated work hours. The work arrangement for this role is subject to change based on business needs and individual performance. This may include adjustments to on-site requirements or schedule expectations, as necessary.

Position Overview

The Sr. Security Engineer (WAF) is responsible for architecting, implementing, and continuously improving application-layer security controls across Paylocity’s SaaS platforms. This role operates within the newly established Product Security function and focuses on protecting web, API, and AI workflows beyond traditional authentication boundaries.

This position requires deep expertise in Web Application Firewall technologies, Layer 7 threat patterns, and behavioral abuse mitigation. The Sr. Security Engineer (WAF) will lead enforcement strategy, mature detection capabilities, and serve as a subject matter expert for application-layer risk, working closely with Product, Engineering, Infrastructure, and Security teams. The role also plays a key part in supporting Product Security Incident Response (PSIRT).

Primary Responsibilities

The below represents the primary duties of the position; others may be assigned as needed. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.

• Architect, implement, and maintain Web Application Firewall (WAF) protections across web and API endpoints.
• Lead strategy and tuning for rate limiting, bot mitigation, and automation abuse prevention.
• Design scalable enforcement models for high-risk workflows including authentication, reporting/export, file uploads, and administrative functions.
• Analyze application-layer traffic patterns to identify behavioral anomalies, scraping activity, credential abuse, and logic misuse.
• Partner with Product and Engineering teams to ensure enforcement decisions align with intended business logic and user experience.
• Support and help operationalize Product Security Incident Response (PSIRT) for application-layer events.
• Develop investigation playbooks and continuously refine rule sets based on incident learnings.
• Optimize enforcement coverage while minimizing false positives and customer friction.
• Conduct periodic architecture and rule reviews to ensure controls evolve with emerging attack patterns and platform growth.
• Provide technical leadership and mentorship within the Product Security team on application-layer protection strategies.

Education and Experience

• Bachelor’s degree in information security, Computer Science, or a related discipline required.
• Minimum 7 years of experience in application security, WAF engineering, or edge security roles.
• Deep hands-on experience with enterprise WAF platforms across both on-premises and cloud-based environments (F5, Akamai, Imperva, AWS WAF, Cloud-based edge platforms, or equivalent).
• Experience leading or participating in WAF modernization initiatives, including migration from legacy, appliance-based architectures to scalable, distributed or cloud-aligned enforcement models.
• Strong understanding of DNS fundamentals and DNS security concepts, including authoritative vs. recursive resolution, DNS-based attack vectors, DNSSEC, and traffic steering considerations.
• Strong expertise in OWASP Top 10 and OWASP API Security Top 10.
  Experience protecting large-scale, multi-tenant SaaS applications and high-volume web/API environments.
• Proven experience designing and tuning rate limiting, bot mitigation, and automation detection controls.
• Experience investigating and responding to application-layer security incidents.
  Strong understanding of TLS, API architectures, session handling, identity flows, and Layer 7 attack patterns.
• Experience integrating WAF and application-layer telemetry into SIEM or observability platforms.
• Experience working in hybrid architectures spanning data center and cloud environments preferred.
• Experience with scripting (Python, PowerShell, Bash, etc.) for automation and rule management is a plus
• Foundational knowledge of AI/ML principles and their impact on modern application-layer threat landscapes.

Physical requirements

• Ability to sit for extended periods: The role requires sitting at a desk or workstation for long periods, typically 7-8 hours a day.
• Use of computer and phone systems: The employee must be able to operate a computer, use phone systems, and type. This includes using multiple software programs and inquiries simultaneously.

Paylocity is an equal-opportunity employer. Paylocity is committed to the full inclusion of all individuals. We recruit, train, compensate, and promote regardless of race, religion, color, national origin, sex, disability, age, veteran status, and other protected status as required by applicable law. At Paylocity, we believe diversity makes us better.

We embrace and encourage our employees’ differences in age, culture, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion or spiritual belief, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique. We actively cultivate these differences through our employee resource groups (ERGs), employee experiences, perspectives, talents, and approaches to drive innovation in the software and services we provide our customers.

We comply with federal and state disability laws and make reasonable accommodations for applicants and employees with disabilities. To request reasonable accommodation in the job application or interview process, please contact View email address on ziprecruiter.com. This email address is exclusively designated for such requests, aligning with federal and state disability laws. Please do not send resumes to this email address, as they will be removed.

The base pay range for this position is $101,100k - $150k/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus and restricted stock unit grant based on individual performance in addition to a full range of benefits outlined here. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. Base pay information is based on market location. Applicants should apply via