Product Security Engineer

Avalara -
Remote

Apply Now

Job details

6 hours ago

Benefits

Health insurance
Paid time off
Life insurance

Qualifications

CI/CD
Go
Computer Science
B.Sc
.NET
Java
AWS
Bachelor's degree
Continuous integration
Software development
APIs
AI
Python
SDLC

Full job description

What You'll Do:

Avalara is seeking a Security Engineer to join our Application Security team. In this role you will be tasked with designing, implementing and deploying security engineering tooling for our code scanning and web scanning pipelines across our software development lifecycle (SDLC). This role will help us scale the traditional application security CICD code scanning processes into automated pipelines to find security vulnerabilities such as XSS, SSRF, RCE, CSRF and SQLi across Avalara’s code base, using a hybrid of algorithmic and AI-driven technologies.

You will leverage your software engineering skills and security knowledge to help uplift the security posture of our products and SaaS services while enabling engineering teams to deliver secure software at scale. The ideal candidate combines deep technical expertise in application security, software engineering, and cloud-native technologies with a passion for solving complex security challenges through automation and collaboration. This role will report into the Senior Manager of Application Security.

What Your Responsibilities Will Be:

Design, build and deploy microservice-based automation leveraging manually discovered findings to scale automated scanning and vulnerability discovery efforts

Build effective vulnerability triage process including contextual severity analysis, remediation plan, root-cause-analysis, mitigation strategies

Identify tooling gaps in static and dynamic scanning technologies and build out tooling to correct coverage and findings accuracy, including but not limited to SAST, DAST, SCA, and Secrets Scanning

Provide security guidance and consultancy to engineering service owners to remediate known vulnerabilities. Build company-wide remediation burndowns plans.

Perform threat modelling, design, and code reviews on an as-needed basis to assess software security and service posture, to lead future product roadmaps and requirements.

Leverage AI to augment existing platform security capabilities

Mentor junior team members in their day-to-day activities and be a SME in application security domain

12-MONTH SUCCESS

Enhance automated application security coverage and reduce vulnerability backlog and remediation cycle times.

Improve tooling accuracy and reduce false positives by performing contextual analysis

Establish scalable vulnerability triage processes.

Implement AI-enabled security capabilities with measurable outcomes.

AI EXPECTATIONS

Use AI to improve vulnerability discovery, prioritization, triaging and remediation.

Build AI-enabled security capabilities.

Promote responsible and secure AI adoption.

What You'll Need to be Successful:

B.S. in Computer Science, Computer Science Engineering (CSE) or Electrical Engineering, Mathematics or a related field.

Programming skills in at least one of the programing languages like Java, Go, Python, .NET.

Minimum of 12 years' work experience in application security, with hands-on experience in SCA, SAST, DAST, and related code scanning technologies.

Experience in identifying, evaluation, and remediating application vulnerabilities including the OWASP Top 10 and/or CWE Top 25.

Experience in software development technologies, CI/CD build pipelines and AWS/GCP cloud provider IaC provisioning technologies.

Ability to communicate ideas and proposal concisely to technical Engineering audiences.

Avalara is an AI-first Company:

AI is embedded in our workflows, decision-making, and products. Success here requires embracing AI as an essential capability.

You’ll bring experience using AI and AI-related technologies, ready to thrive here.
You’ll apply AI every day to business challenges - improving efficiency, contributing solutions, and driving results for your team, our company, and our customers.
You’ll grow with AI by staying curious about new trends and best practices, and by sharing what you learn so others can benefit too.

How We'll Take Care of You:

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness
Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity
Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

What You Need To Know About Avalara:

We’re defining the relationship between tax and tech.

We’ve already built an industry-leading cloud compliance platform, processing over 54 billion customer API calls and over 6.6 million tax returns a year. Our growth is real - we're a billion dollar business - and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world.

We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. We’ve been different from day one. Join us, and your career will be too.

We’re An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.

Apply Now

Jobseeker tools

Employer Tools

Browse

Stay Connected