Senior Application Security Engineer

What You'll Do

Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base.

As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we buildboth in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.

You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows.

You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale.

Job Responsibilities

• You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.
• You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.
• You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.
• You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.
• Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.
• Promote security by design across the organization, and help foster a security-first culture.
• Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.

What You'll Need to be Successful

Required Qualifications

• 8+ years of experience in application security, secure software development, or security engineering.
• Strong programming proficiency in Python and GoLang (hands-on).
• Experience with secure SDLC practices and CI/CD pipeline integration.
• Strong hands-on experience with Kubernetes, container security, and cloud infrastructure securitypreferably AWS and GCP.
• Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
• Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.
• Familiarity with Git, modern source control practices, and agile development methodologies.
• Experience working with a broad range of security tools, including:
• Tenable, Wiz (Cloud Security Posture Management)
• Checkmarx, Mend (SAST, SCA)
• Acunetix, Burp Suite (DAST)
• CrowdStrike (EDR/XDR)
• Bachelor's Degree in Computer Science, Engineering, or a related field.
• Proven experience contributing to security automation efforts within a security organization like Avalara Security.
• Experience with AI/ML tools and frameworks applied to application security or behavior analytics.
• Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.
• Passion for enabling developer-friendly security solutions and maximum automation.