The successful candidate for the Security Engineer (Information Risk management) role will engage in a consulting/security engineering role with both internal clients and Avalara product teams to assess, develop and architect Avalara infrastructure and security operations solutions. The Security Engineer will contribute expertise to infrastructure threat models and design reviews, as well as provide security consulting and security architectural guidance to the Avalara SaaS Operations and Infrastructure teams.
You’ll be responsible for providing guidance and real world mitigation steps to identified information risks. The successful candidate will be required to assess security flaws, determine mitigation strategies and drive fixes to resolution. A thorough understanding of security architectures and experience deploying complex enterprise solutions will be valuable experience for the right candidate.
- Develop, design, architect, and implement security operations solutions, including the development of log correlation/SIEM platforms, Data Loss Prevention (DLP), and Mobile Device Management (MDM) technologies
- Perform technical consulting in the areas of infrastructure and operations security
- Lead or participate in Incident Response, including iterative development, testing, and improvement of existing procedures
- Must be able to work autonomously as well as in team environments, often in stressful, high impact situations
- Demonstrable knowledge of Infrastructure Security Architectures, including on-premises, public/private cloud and hybrid-cloud solutions and datacenter management
- 3+ year’s experience implementing and managing log aggregation and correlation tools, specifically Security Information and Event Management (SIEM) platforms
- Demonstrable knowledge of next-generation firewalls, intrusion detection and prevention systems, vulnerability scanning suites, identity and access management/SSO, virtualization and encryption
- Experience conducting enterprise infrastructure security assessments, designing, deploying infrastructure security solutions required
- Excellent written, verbal and presentation skills are required
- Strong analytical and organizational skills are essential and required
- Experience with a variety of cloud providers such as AWS or Azure, and how to properly design secure architectures
- Experience with identity and access management (IAM) platforms such as Okta or Auth0
- Experience managing Public Key Infrastructure (PKI) or other certificate related services
- An understanding of SSAE18 SOC 1, SOC 2, PCI-DSS, and ISO 27000 standards, plus related assessment methodologies is desired
- CISSP, SANS certifications, technology certifications and other security certifications is a plus
Avalara helps businesses of all sizes achieve compliance with transaction taxes, including sales and use, VAT, excise, communications, and other tax types. The company delivers comprehensive, automated, cloud-based solutions designed to be fast, accurate, and easy to use. The Avalara Compliance Cloud® platform helps customers manage complicated and burdensome tax compliance obligations imposed by state, local, and other taxing authorities throughout the world.
Avalara offers more than 600 pre-built connectors into leading accounting, ERP, ecommerce and other business applications, making the integration of tax and compliance solutions easy for customers. Each year, the company processes billions of indirect tax transactions for customers and users, files more than a million tax returns, and manages millions of tax exemption certificates and other compliance documents.
Headquartered in Seattle, Avalara has offices across the U.S. and overseas in the U.K., Belgium, Brazil, and India. More information at www.avalara.com
Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.