IT Security and Policy Architect

Security and Compliance | Seattle, Washington; Durham, North Carolina

Job Summary

Avalara has a world-class security team. Join us to make it even better as our new IT Security and Policy Architect. In this role you will have the opportunity to engage with the best and brightest engineers and architects as they build our future application and service capabilities, while ensuring our current-generation solutions continue to deliver the trust and reliability our customers expect. If you want to make a big difference in a fast-moving environment without endless meetings, if you want to set your direction instead of having it set for you, if you want to have all of the benefits of a startup and an established company, we want to talk to you.

We are looking for a senior-level Security Architect who is an expert both in IT Security and in defining corporate-wide security policies. This position will report directly to our CSO. Our ideal candidate has experience working on a variety of platforms and technologies and is passionate about identifying and managing risks. Security can be complex, so you will be responsible for making it simple, with crisp, well-defined policies that cover IT, R&D, Production, Data Privacy, Risk Management, and all other aspects of data security. You will craft and enforce these policies while working closely with the teams that will be implementing them. You will provide guidance, training, and support. You will be able to talk tech and business. You will work hard to find the right solution and help teams be successful in meeting these policies. You love a challenge and collaboration. You are not afraid to dig into the details while working directly with other leaders, architects, and engineers.

Job Duties

  • Establish and maintain security standards across the various IT, Engineering, and Operations related organizations
  • Develop strategies and implement tactical approaches to efficiently and effectively address security business needs
  • Drive compliance related initiatives with teams across the organization: Security, Legal, Finance, Customer Support, Engineering, HR, etc.
  • Communicate regularly with leaders and senior management (reports, dashboards, and PowerPoint)
  • Provide training, education, awareness, and communication to groups across the company
  • Identify new security technologies and techniques that will improve the value proposition of the Avalara platform
  • Interact with customers and business partners to understand and respond to their compliance and assurance needs and concerns
  • Collaborate with the Application Security and Engineering Operations teams to implement risk management & privacy projects
  • Assess current infrastructure and propose solutions which would strengthen our current security posture
  • Participate in M&A due diligence and integration processes
  • Track, investigate, and assist in responding to privacy incidents
  • Identify gaps in technical and policy documentation which impact Risk Management functions
  • Plan, execute, and manage relationships with internal and external penetration testing activities and third-party assessors
  • Mentor and support team members across the company on security best practices


  • 10+ years in IT Security or Application Security Engineering
  • 3-5 years of experience in security policy and governance roles
  • 3+ years as a security architect or in a security management function
  • 3+ years of experience securing SaaS production environments
  • Solid experience securing core business technologies (e.g., email, CRM, IM, collaboration tools, mobile devices, file storage and exchange platforms, etc.)
  • Minimum of a bachelor’s degree in computer science or a related field
  • Strong project/program management skills
  • Excellent written, verbal, and presentation skills
  • Experience with Amazon Web Services or other public cloud providers
  • Experience translating legal and contractual requirements into technical controls
  • Domain knowledge of OWASP Top 10 and CWE Top 25

Preferred Qualifications

  • Experience in the financial industry
  • Experience with enterprise security tools such as: PKI, MDM, DLP, CASB, and PAM
  • Experience with identity and authentication services such as Okta or Auth0 and protocols like OAuth/SAML
  • Hands-on experience assimilating security engineering requirements into a continuous integration/continuous deployment environment
  • Proficiency with one or more of the following programming languages (Java, PHP, C#/.NET, C/C++)
  • Experience with application security tools such as Checkmarx CxSAST, BlackDuck OSS, and HP Fortify
  • Proven communication skills with a variety of audiences, including engineers, Engineering Leadership, and Product Management

About Avalara

Avalara helps businesses of all sizes achieve compliance with transaction taxes, including sales and use, VAT, excise, communications, and other tax types. The company delivers comprehensive, automated, cloud-based solutions designed to be fast, accurate, and easy to use. The Avalara Compliance Cloud® platform helps customers manage complicated and burdensome tax compliance obligations imposed by state, local, and other taxing authorities throughout the world. Avalara offers more than 600 pre-built connectors into leading accounting, ERP, ecommerce and other business applications, making the integration of tax and compliance solutions easy for customers. Each year, the company processes billions of indirect tax transactions for customers and users, files more than a million tax returns, and manages millions of tax exemption certificates and other compliance documents. Headquartered in Seattle, Avalara has offices across the U.S. and overseas in the U.K., Belgium, Brazil, and India. More information at