Senior WAF Engineer (R2159)

Security and Compliance Seattle, Washington Remote, United States


Avalara, Inc., (www.Avalara.com), is the leading provider of cloud-based software that delivers a broad array of compliance solutions related to sales tax and other transactional taxes.

What is it like to work at Avalara? Come find out!  We are committed to the following success traits that embody our culture and how we work together to accomplish great things:  Fun. Passion. Adaptability. Urgency. Simplicity. Curiosity. Humility. Ownership. Optimism.

We are building cloud-based tax compliance solutions to handle every transaction in the world. Imagine every transaction you make - every tank of gas, cup of coffee, or pair of sneakers, every movie ticket, or streamed song, every sensor-to-sensor ping. Nearly every time you make a purchase, physical or digital, there is an accompanying unique and nuanced tax compliance calculation.

We are seeking a highly motivated, experienced Senior WAF Engineer to join our team.


Job Duties

  • Partner with Product Security, SaaS Operations, and Engineering teams to evaluate, select, and implement WAF services at scale
  • Work with Engineering teams to coordinate WAF onboarding, explaining and coordinating any architectural or configuration changes required to support WAF deployment
  • Develop new SIEM content (Securonix Snypr) for Security Operations personnel including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize the importance of WAF events
  • Document and develop tools and processes to assist SOC and SIRT personnel in incident response, log collection, and review
  • Alleviate time-consuming SOC analyst tasks and improve SOC processes through Security Orchestration, Automation and Response (SOAR)
  • Develop actionable information in the form of technical indicators, reports, lists, rules, signatures, or signals and warnings

Qualifications

  • 7-10+ years as a Security Engineer with strong Application Security experience
  • Extensive hands on/configuration experience with Web Application Firewalls (Akamai, Imperva, CloudFlare, etc.)
  • Extensive experience with responding to WAF events and developing incident response plans
  • Experience configuring SIEM alerts based on WAF events and correlating them to backend server logs
  • Experience with modern web applications frameworks, their security requirements, and layer 7 attack mitigations (OWASP/SANS)
  • Strong proficiency in AWS and other public cloud platforms
  • Strong scripting skills (bash, python, ruby, Go, etc.)
  • Proficiency with security tools like WhiteSource, Checkmarx, Acunetix, Burp Suite Professional, and/or other application security tools
  • Working knowledge of REST API testing and related tools
  • Working knowledge of JSON, XML, http headers and related REST API authentication / authorization approaches
  • Knowledge of Web Application delivery, CDNs/WAFs, forward and reverse proxies, etc.
  • Excellent written, verbal and presentation skills are essential and required
  • Must be able to work autonomously as well as in team environments, often in stressful, high impact situations

Preferred Qualifications

  • Experience with the Securonix or other SIEMs is highly desired
  • Knowledge of security triage and incident handling workflow
  • Familiarity with effective visualizations and dashboarding fundamentals
  • CISSP, SANS technology certifications and other security certifications is a plus

About Avalara

Avalara helps businesses of all sizes achieve compliance with transactional taxes, including VAT, sales and use, excise, communications, and other tax types. We deliver comprehensive, automated, cloud-based solutions that are fast, accurate, and easy to use.

Avalara offers hundreds of pre-built connectors into leading accounting, ERP, ecommerce and other business applications. Each year, the company processes billions of tax transactions for customers and users, files hundreds of thousands of tax compliance documents and tax returns and manages millions of exemption certificates and other compliance related documents.

Avalara’s headquarters are in Seattle, WA and it has offices across the U.S. and in Brighton and London, England; Brussels, Belgium; and Pune, India. More information at: www.avalara.com

Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.

Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.