You will engage with the best and brightest engineers and architects as they build our future application and service capabilities, while ensuring our current generation solutions continue to deliver the trust and reliability our customers expect. If you want to make a big difference in a fast-moving environment without endless meetings, if you want to set your direction instead of having it set for you, if you want to have all the benefits of startup and an established company, we want to talk to you.
Our ideal application security engineer has experience working on a variety of platforms and is passionate about identifying and managing risks. Security can be complex, so you will make it simple, but make its impact in our engineering organizations. You will provide guidance, training, and support. You will talk tech and business. You will to find the right solution, not the first solution. You value challenge and you dig in, all while having fun and not getting too serious.
You will report into Senior Manager, Product Security.
 
Setting strategic direction for application security within Avalara, including processes, metrics, and reporting
- Perform code and design reviews of internal and customer-facing software products and solutions
- Provide training, education, awareness, and communication to development and engineering groups
- Guide the Product teams to remediate the vulnerabilities.
- Develop software development policies, standards, procedures, and technical controls
- Manage security tooling infrastructure and configuration
- Mentor, the junior Application Security Engineers

What Your Responsibilities Will Be
Qualifications: Bachelor's Degree in Computer Science, Engineering, or related field
- 12+ years of experience performing manual code review and threat modeling.
- 12+ years of experience with SCA, SAST, DAST application security tools
- Deep technical knowledge and experience identifying, triaging, and remediating application vulnerabilities including the OWASP Top 10
- Experience working with a variety of development tools, languages, and environments, including Python, Go Lang, Terraform, .NET, Java, PHP, and Node.js
- Experience working with cloud orchestration technologies like Docker, Kubernetes & IAC
- Experience working with a variety of cloud providers including AWS & GCP
‍

What You'll Need to be Successful
Preferred Qualification: Experience developing and securing applications in AWS.
- Good to have security certifications including CISSP, CSSLP, GIAC & AWS
- Knowledge of regulatory and compliance standards including SOC 2, ISO 27001 & GDPR
- Hands-on experience in a continuous integration/continuous deployment (CI/CD) environment