What You'll Do Avalara is looking for a Security Engineer to join our Application Security team. In this role you will be tasked with designing, implementing and deploying security engineering tooling for our code scanning and web scanning pipelines. You will help us scale the traditional application security mode of code auditing into automated pipelines to find security vulnerabilities such as XSS, SSRF, RCE, CSRF and SQLi across Avalara's code base. You will report into Senior Manager of Application Security. Remote opportunity. #LI-Remote This role is not eligible for visa sponsorship. What Your Responsibilities Will Be Design, build and deploy microservice-based automation leveraging manually discovered findings to scale automated scanning and vulnerability discovery efforts. Identify tooling gaps in static and dynamic scanning technologies and build out tooling to correct coverage and findings accuracy. Provide security guidance and consultancy to engineering service owners to remediate known vulnerabilities. Build company-wide remediation burndowns plans. Perform threat modelling, design, and code reviews on an as-needed basis to assess software security and service posture, to lead future product roadmaps and requirements What You'll Need to be Successful B.S. in Computer Science, Computer or Electrical Engineering, Mathematics or a related field Programming skills in at least one of the following: Java, Go, Python, .NET Minimum of 8 years work in application security, with hands-on experience in SCA, SAST, DAST and related code scanning technologies Experience identifying, evaluation, and remediating application vulnerabilities including the OWASP Top-10 and/or CWE Top-25 Work experience with CI/CD build pipelines and AWS/GCP cloud provider IaC provisioning technologies Pay Range Details The base pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations. Colorado $148,800-$245,600 (annually) Washington $148,800-$271,500 (annually) California $148,800-$297,300(annually) NYC $164,500-297,300 (annually) The pay range above is the general base pay range for you in the state listed. Your actual salary/wage may be based on several factors, such as geographic location, candidate experience and qualifications, market and business considerations. This role is eligible for an annual bonus based on company performance, depending on the terms of the applicable plan and your role. How We'll Take Care of You Total Rewards In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses. Health & Wellness Benefits vary by location but generally include private medical, life, and disability insurance. Inclusive culture and diversity Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship. Learn more about our benefits by region here: Avalara North America What You Need To Know About Avalara We’re Avalara. We’re defining the relationship between tax and tech. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them. We’ve been different from day one. Join us, and your career will be too. We’re An Equal Opportunity Employer Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.