Job Summary
Join us in building a secure platform supporting Avalara’s expanding business. In this role you will have the opportunity to engage with the best and brightest security engineers and architects as they build our future security capabilities, while ensuring our current generation solutions continue to protect our organization and our customers. If you want to make a big difference in a fast-moving environment without endless meetings, if you want to set your direction instead of having it set for you, if you want to have all of the benefits of startup and an established company, we want to talk to you.
Our ideal security generalist can speak confidently to security fundamentals and concepts, with experience working on a variety of technologies and is passionate about identifying and managing risks. Our security program is multifaceted, and you will be responsible for ensuring internal and external teams have a world-class experience. You will provide guidance, training, and support. You will be able to talk tech and business. You will work hard to find the right solution, not the first solution. You thrive on challenge and you are not afraid to dig in, all while having fun and not getting too serious.
Job Duties
- Participate in the writing, implementation and continuous improvement of security policies, standards, and procedures.
- Promote and build on outreach/training efforts across the company
- Management of various projects (technical & non-technical), including effective project tracking, issue handling, and follow up
- Design, report, and present security metrics to engineering and other senior leadership
- Respond to security queries from customers or partners
- Perform security assessments on suppliers
- Perform risk based IT audits and assessments
- Participate in Incident Response, including iterative development, testing, and improvement of existing procedures
Qualifications
- Basic to intermediate experience building (scripting) security tools in a corporate environment
- Basic to intermediate knowledge of system administration activities including system hardening and network security
- Demonstrable knowledge of security fundamentals (confidentiality, integrity, availability)
- Excellent written, verbal and presentation skills are required
- Strong analytical and organizational skills are essential and required; experience leading projects highly desired
- Must be able to work autonomously as well as in team environments, often in stressful, high impact situations
Preferred Qualifications
- An understanding of SSAE18 SOC 1, SOC 2, PCI-DSS, and ISO 27000 standards, plus related assessment methodologies is desired
- CISSP, SANS certifications, technology certifications and other security certifications is a plus