Senior Application Security Engineer - Remote

Overview

Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.

In Short

• You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.
• You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.
• You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.
• You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.
• Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.
• Promote security by design across the organization, and help foster a security-first culture.
• Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.

Requirements

• 8+ years of experience in application security, secure software development, or security engineering.
• Strong programming proficiency in Python and GoLang (hands-on).
• Experience with secure SDLC practices and CI/CD pipeline integration.
• Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP.
• Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
• Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.
• Familiarity with Git, modern source control practices, and agile development methodologies.
• Experience working with a broad range of security tools, including:
  • Tenable, Wiz (Cloud Security Posture Management)
  • Checkmarx, Mend (SAST, SCA)
  • Acunetix, Burp Suite (DAST)
  • CrowdStrike (EDR/XDR)
• Bachelor's Degree in Computer Science, Engineering, or a related field.
• Proven experience contributing to security automation efforts within a security organization like Avalara Security.
• Experience with AI/ML tools and frameworks applied to application security or behavior analytics.
• Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.
• Passion for enabling developer-friendly security solutions and maximum automation.

Benefits

• Great compensation package, paid time off, and paid parental leave.
• Many Avalara employees are eligible for bonuses.
• Health benefits vary by location but generally include private medical, life, and disability insurance.
• Avalara strongly supports diversity, equity, and inclusion.
• Employee-run resource groups with senior leadership and exec sponsorship.