Job Description

:
What You';ll Do
Join us in building a secure, scalable, and experienced platform to support Avalara';s expanding business and global customer base. As a Senior Application Security Engineer, you';ll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today';s systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.
You';ll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale.
You will report to security leadership at Avalara. This is a remote position.
#LI-Remote
What Your Responsibilities Will Be
Job Responsibilities

• You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.
• You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.
• You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.
• You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.
• Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.
• Promote security by design across the organization, and help foster a security-first culture.
• Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.

What You’ll Need To Be Successful
Required Qualifications

• 8+ years of experience in application security, secure software development, or security engineering.
• Strong programming proficiency in Python and GoLang (hands-on).
• Experience with secure SDLC practices and CI/CD pipeline integration.
• Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP.
• Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
• Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.
• Familiarity with Git, modern source control practices, and agile development methodologies.
• Experience working with a broad range of security tools, including:

• Tenable, Wiz (Cloud Security Posture Management)
• Checkmarx, Mend (SAST, SCA)
• Acunetix, Burp Suite (DAST)
• CrowdStrike (EDR/XDR)

• Bachelor';s Degree in Computer Science, Engineering, or a related field.
• Proven experience contributing to security automation efforts within a security organization like Avalara Security.
• Experience with AI/ML tools and frameworks applied to application security or behavior analytics.
• Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.
• Passion for enabling developer-friendly security solutions and maximum automation.

How We’ll Take Care Of You
Total Rewards 
In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses. 
Health &; Wellness 
Benefits vary by location but generally include private medical, life, and disability insurance. 
Inclusive culture and diversity 
Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.
What You Need To Know About Avalara
We’re Avalara. We’re defining the relationship between tax and tech. 
We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world.
We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.
We’ve been different from day one. Join us, and your career will be too.
We’re An Equal Opportunity Employer
Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.