You will engage with the engineers and architects as they build our future application and service capabilities, while ensuring our current generation solutions continue to deliver the trust and reliability our customers expect. If you want to make a big difference in a without endless meetings, if you want to set your direction instead of having it set for you, if you want to have all the benefits of startup and an established company, we want to talk to you.

Our ideal application security engineer has experience working on a variety of platforms and is passionate about managing risks. Security can be complex, so you will make it simple, but make its impact in our engineering organizations. You will provide guidance, training, and support. You will talk tech and business. You will to find the right solution, not the first solution. You value challenge and you dig in, all while having fun and not getting too serious.

You will report into Senior Manager, Product Security.

In Short

Setting strategic direction for application security within Avalara, including processes and reporting
Perform code and design reviews of internal and customer-facing software products and solutions
Provide training, education, awareness, and communication to development and engineering groups
Guide the Product teams to improve the vulnerabilities.
Develop software development policies, standards, procedures, and technical controls
Manage security tooling infrastructure and configuration
Mentor, the junior Application Security Engineers

Requirements

Bachelor's Degree in Computer Science, Engineering, or related field
12+ years of experience performing manual code review and threat modeling.
12+ years of experience with SCA, SAST, DAST application security tools
Deep experience identifying, evaluation, and remediating application vulnerabilities including the OWASP Top 10
Experience working with a variety of development tools, languages, and environments, including Python, Go Lang, Terraform, .NET, Java, PHP, and Node.js
Experience working with cloud orchestration technologies like Docker, Kubernetes & IAC
Experience working with a variety of cloud providers including AWS & GCP
Experience developing and securing applications in AWS.
Good to have security certifications including CISSP, CSSLP, GIAC & AWS
Knowledge of regulatory and compliance standards including SOC 2, ISO 27001 and GDPR
Hands-on experience in a continuous integration deployment (CI/CD) environment

Benefits

Great compensation package
Paid time off
Paid parental leave
Many employees are eligible for bonuses
Private medical, life, and disability insurance
Support for diversity, equity, and inclusion
Employee-run resource groups

Avalara

Avalara is a leading provider of cloud-based compliance solutions, specializing in tax technology. With a mission to be part of every transaction in the world, Avalara has built an industry-leading platform that processes nearly 40 billion customer API calls and over 5 million tax returns annually. The company has experienced significant growth, becoming a billion-dollar business and expanding its workforce to nearly 5,000 employees. Avalara fosters a culture of innovation, diversity, and inclusion, empowering its employees to take ownership and achieve their goals. The company is committed to integrating diversity and equity into its business practices and organizational culture.

Share This Job!

Save This Job!

Jobs from Avalara:

Security Risk Specialist

Risk Analysis

Application Security

IT Audit

Senior Salesforce Business Analyst - CPQ

Salesforce

CPQ

Billing

Senior Product Manager - Workday Financials