Senior Manager, Product Security

Requirements:

  • 12+ years of total experience, including 5+ years in application security and 3-5 years in a technical leadership role
  • Hands-on experience with SCA, SAST, DAST and related code scanning technologies; experience identifying and remediating OWASP Top 10 and CWE Top 25 vulnerabilities
  • Ability to design and integrate security tooling into CI/CD pipelines and SDLC; development background using Golang and Python; strong communication to technical audiences
  • BS or MS in Computer Science, Engineering, or a related technical field

Roles & Responsibilities

  • Lead, coach, and grow a high-performing security engineering team to design, build, and deploy automated code and web scanning pipelines that identify vulnerabilities across Avalara’s codebase
  • Identify tooling gaps in SCA/SAST/DAST, build tooling to improve coverage and findings accuracy, and provide security guidance to engineering service owners to remediate vulnerabilities
  • Leverage AI to augment application security capabilities; provide threat modeling, vulnerability management, and secure SDLC guidance across all engineering; manage complex, multi-team security projects with milestones and metrics
  • Build company-wide remediation burn-down plans and drive cross-functional collaboration to uplift overall security posture

Job description

What You'll Do:

Avalara is seeking a Senior Manager of Application Security to lead an engineering team focused on designing, implementing and deploying security engineering tooling for our code scanning and web scanning pipelines. This role will be responsible for scaling the traditional application security mode of code auditing into automated pipelines to find security vulnerabilities such as XSS, SSRF, RCE, CSRF and SQLi across Avalara’s code base. You will leverage your software skills and security knowledge to help uplift the security posture of our products and services. This is a unique opportunity to make a real impact on our overall software security posture as you continue to uplevel your own software engineering and security skills. This role is ideal for someone who combines deep technical knowledge in cloud and application security with a strong track record of collaborative leadership and cross-functional influence. This role will report to the VP of Product Security.

 

This is a Remote role.

What Your Responsibilities Will Be:
  • You will lead, coach, and grow a high-performing team of security engineers focused on designing, building and deploying microservice-based automation, leveraging manually discovered findings to scale automated scanning and vulnerability discovery efforts.

  • You will provide technical leadership, mentorship, and direction to staff and Engineering teams. 

  • You will identify tooling gaps in static and dynamic scanning technologies and build out tooling to correct coverage and findings accuracy.  

  • You will provide security guidance and consultancy to engineering service owners to remediate known vulnerabilities, and build company-wide remediation burndown plans.

  • You will explore and leverage AI to augment existing application security capabilities.

  • You will provide expert guidance on threat modelling, vulnerability management, and security best practices across all areas of SDLC to Engineering. 

  • You will manage the execution of complex, multi-team security projects with clear milestones, metrics, and outcomes. 

What You'll Need to be Successful:
  • B.S. or M.S. in Computer Science, Engineering, or a related technical field. 

  • 12+ years of total experience, including 5+ years in application security, and 3–5 years in a technical leadership role. 

  • Hands-on experience in SCA, SAST, DAST and related code scanning technologies. 

  • Experience identifying, evaluating, and remediating application vulnerabilities including the OWASP Top 10 and/or CWE Top 25.

  • Ability to communicate ideas and proposals concisely to technical audiences.

  • Proven ability to design and integrate security tooling into CI/CD pipelines and SDLC workflows. 

  • Development background using Golang and Python.

 

Avalara is an AI-first Company:

AI is embedded in our workflows, decision-making, and products.  Success here requires embracing AI as an essential capability.

  • You’ll bring experience using AI and AI-related technologies, ready to thrive here.

  • You’ll apply AI every day to business challenges - improving efficiency, contributing solutions, and driving results for your team, our company, and our customers.

  • You’ll grow with AI by staying curious about new trends and best practices, and by sharing what you learn so others can benefit too.

How We'll Take Care of You:

Total Rewards 

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses. 

 

Health & Wellness 
Benefits vary by location but generally include private medical, life, and disability insurance. 

 

Inclusive culture and diversity
Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship. 

 

What You Need To Know About Avalara:

We’re defining the relationship between tax and tech.

 

We’ve already built an industry-leading cloud compliance platform, processing over 54 billion customer API calls and over 6.6 million tax returns a year. Our growth is real - we're a billion dollar business - and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world.

 

We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. We’ve been different from day one. Join us, and your career will be too.

 

We’re An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.
