Staff Adversarial Engineer
Join us in building a secure platform supporting Avalara's expanding business. In this role you will have the opportunity to test our systems, applications, and controls to identify vulnerabilities, ensuring our solutions continue to deliver the trust and reliability our customers expect. If you want to make a big difference in a fast-moving environment without endless meetings, if you want to set your direction instead of having it set for you, if you want to have all of the benefits of startup and an established company, we want to talk to you.
Our ideal adversarial engineer has experience working on a variety of platforms and technologies and is passionate about identifying and managing risks. Security can be complex, so you will be responsible to make it simple, but make its impact significant in our engineering organizations. You will provide guidance, training, and support. You will be able to talk tech and business. You will work hard to find the right solution, not the first solution. You thrive on challenge and you are not afraid to dig in, all while having fun and not getting too serious.
• Performing manual penetration testing and red teaming activities to identify and report vulnerabilities
• Setting strategic direction for application security within Avalara, including processes, tools, metrics, and reporting
• Performing code and design reviews of internal and customer-facing software products and solutions
• Providing training, education, awareness, and communication to development and engineering groups
• Designing, developing, and implementing software development policies, standards, procedures, and technical controls
• Participating in incident handling and response
• Participating in M&A due diligence and integration processes
• A combination of education and experience equivalent to a bachelor's degree and 12+ years of related experience.
• 5+ years' experience performing manual penetration testing or red teaming
• 5+ years' experience with penetration testing tools such as Burp Suite, Metasploit, Faraday, and the suite of Kali Linux tools
• Deep technical knowledge and experience identifying, triaging, and remediating application vulnerabilities including the OWASP Top 10
• Experience working with a variety of development tools, languages, and environments, including .NET, Java, PHP, Node.js, SQL Server, and Amazon Web Services
• Experience working in a multi-tenant SaaS environment, service-oriented architecture and web service security
• Experience with agile software development processes and methodologies
• Working knowledge of source code repositories including Git
• Experience developing and securing applications in AWS
• Security certifications including OSCP, eCPPT, GPEN, and GWAPT
• Understanding of container security and infrastructure-as-code concepts, especially Terraform and Kubernetes
• Knowledge of regulatory and compliance standards including PCI, SSAE18 SOC 1/2, SOX, and GDPR
• Hands on experience in a continuous integration/continuous deployment environment
Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.