Principal Product Security Architect

Avalara aspires to be the global cloud compliance platform. As a Product Security Architect at Avalara, you will design and implement security frameworks and architectures that protect our SaaS product ecosystem. You will work with product development teams and DevOps teams to ensure security is built into our software from the ground up. You will focus on safeguarding the entire product lifecycle, from design through deployment, ensuring that our customers' data and our platform are secure from modern threats. You will report to the Chief Architect. This is an individual contributor role.

1. Architect secure product environments that address security concerns across our SaaS offerings, ensuring the security of all product layers, including application, data, and infrastructure.
2. Develop security standards, guidelines, and best practices for product development teams, ensuring security is integrated into the software development lifecycle (SDLC).
3. Conduct threat modeling and risk assessments for new features to identify and address potential security vulnerabilities.
4. Collaborate with product managers, developers, and DevOps teams to define security requirements and ensure they are incorporated throughout the design process.
5. Perform secure code reviews and work with development teams to establish secure coding practices, including automation of security testing in CI/CD pipelines.
6. Oversee data security and privacy mechanisms, such as encryption, data masking, and anonymization, to ensure compliance with regulatory requirements like GDPR, HIPAA, and others.
7. Lead vulnerability management efforts for products, including monitoring, identifying, and remediating security flaws across services.
8. Establish security monitoring and incident response processes for our SaaS platform, working with DevOps teams to monitor security events and respond to product security incidents.
9. Stay up-to-date with the latest security threats and technologies that impact SaaS platforms, ensuring proactive measures are in place to address new risks.
10. Lead security-related training and awareness projects within the product and engineering teams, helping build a security-first mindset across the organization.

• 4-year Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or related field. Master's degree or security certifications (e.g., CSSLP, CISSP, CCSP).
• 15+ years of experience in software engineering.
• Experience secure software development and building security into product architectures from design to deployment.
• Hands-on experience with cloud environments (AWS, Azure, GCP) and securing cloud-native applications.
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• GIAC Cloud Security Automation (GCSA)

This is a remote role.

Total Rewards: In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness: Benefits vary by location but generally include private medical, life, and disability insurance.

Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and executive sponsorship.

Learn more about our benefits by region here: Avalara North America.

We are defining the relationship between tax and tech. Having built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, we became a billion-dollar business. Our growth is ongoing as we aim to be part of every transaction in the world. We foster a culture of innovation, ownership, and achievement, empowering our people to succeed.

We are an equal opportunity employer.