Job Description
Our ideal application security engineer has experience working on a variety of platforms and technologies and is passionate about identifying and managing risks. Security can be complex, so you will be responsible for making it simple while keeping its impact significant across our engineering organizations. You will provide guidance, training, and support. You will be able to talk tech and business. You will work hard to find the right solution, not the first solution. You thrive on challenge and you are not afraid to dig in, all while having fun and not getting too serious.
Setting strategic direction for application security within Avalara, including processes, tools, metrics, and reporting
Performing code and design reviews of internal and customer-facing software products and solutions
Providing training, education, awareness, and communication to development and engineering groups
Guiding product teams in remediating identified vulnerabilities
Designing, developing, and implementing software development policies, standards, procedures, and technical controls
Managing security tooling infrastructure and configuration
Guiding and mentoring junior application security engineers
What You’ll Need to be Successful
Qualifications
Bachelor’s Degree in Computer Science, Engineering, or related field
4 – 8 years of experience performing manual code review and threat modeling
4 – 8 years of experience with SCA, SAST, and DAST application security tools
Deep technical knowledge and experience identifying, triaging, and remediating application vulnerabilities including the OWASP Top 10
Experience working with a variety of development tools, languages, and environments, including Python, Go, Terraform, .NET, Java, PHP, and Node.js
Experience working with cloud orchestration technologies such as Docker, Kubernetes, and infrastructure as code (IaC)
Experience working with a variety of cloud providers including AWS & GCP
Preferred Qualifications
Experience developing and securing applications in AWS
Security certifications such as CISSP, CSSLP, GIAC, or AWS are a plus
Knowledge of regulatory and compliance standards including SOC 2, ISO 27001, and GDPR
Hands-on experience in a continuous integration/continuous deployment (CI/CD) environment