Vulnerability Management Security Engineer

What You'll Do

Join us in building a secure platform supporting Avalara's expanding business. In this role you will have the opportunity to engage with the best and brightest engineers and architects as they build our future application and service capabilities, while ensuring our current generation solutions continue to deliver the trust and reliability our customers expect. If you want to make a big difference in a fast-moving environment without endless meetings, if you want to set your direction instead of having it set for you, if you want to have all the benefits of start-up and an established company, then this is the job for you.

We are seeking a skilled and detail-oriented Vulnerability Management Engineer to join our cybersecurity team. This role is critical in identifying, assessing, and mitigating vulnerabilities within our infrastructure, applications, and systems. The ideal candidate will work closely with cross-functional teams to ensure the organization's security posture remains robust against emerging threats.

Automation is fundamental to modern agile security organizations, and you will be responsible for making the security pipeline and the underlying infrastructure valuable and consistent. You will strive toward Infrastructure-as-Code and Policy-as-Code to make our systems as reliable and maintainable as possible. You will provide guidance, training, and support to the rest of the Security team as they contribute additional tools to the security pipeline. You will be able to talk tech and business. You will work tirelessly to find the right solution, not the first solution. You thrive on challenge, and you are not afraid to dig in, all while having fun and not getting too serious.

Job Duties

What Your Responsibilities Will Be

• Creating and managing a security automation framework and pipeline.
• Maintaining and improving the infrastructure that security relies upon.
• Evangelizing and assisting the development teams with tool integrations across the organization
• Providing training and guidance to security engineering to integrate new tools into the security pipeline.
• Developing and implementing manual and automated security tests.
  
  
  

Qualifications

• 8+ years of experience in vulnerability management, DevSecOps, or related security domains.
• Hands-on experience with vulnerability scanning tools (e.g., CheckMarx, Brinqa, Acunetix, Tenable, Wiz).
• Familiarity with patch management processes and tools.
• 8+ years' experience software development experience, preferring Go, Python, and .Net
• Experience working with a variety of development tools, languages, and environments, including .NET, Java, PHP, Node.js, Ember, SQL Server, and Amazon Web Services
• Experience performing peer code review.
• Experience with agile software development processes and methodologies
• Working knowledge of source code repositories including Git
  
  
  

Preferred Qualifications

• Bachelor's Degree in Computer Science, Engineering, or related field
• Experience in Security Engineering roles, in support of the SDLC
• Certifications such as CISSP, CEH, OSCP, or CompTIA Security+.
• Experience with cloud environments and associated vulnerabilities (e.g., AWS, Azure, GCP).
• Familiarity with scripting languages like Python or PowerShell for automation.
  
  
  

What You'll Need to be Successful

How We'll Take Care of You

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness

Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity

Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

Learn more about our benefits by region here: Avalara North America

What You Need To Know About Avalara

We’re Avalara. We’re defining the relationship between tax and tech. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year. Last year, we became a billion-dollar business, and our tribe expanded by a cool thousand people - there’s nearly 5,000 of us now. Our growth is real, and we’re not slowing down - not until we’ve achieved our mission - to be part of every transaction in the world.

We’re bright, innovative and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them. We’ve been different from day one. Join us, and your career will be too.

We’re An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.