Senior Manager, Application Security
Join us in building a secure platform supporting Avalara’s expanding business. In this role you will have the opportunity to develop Avalara’s Application Security strategy while leading a team of security engineers ensuring our products continue to deliver the trust and reliability our customers expect.
You’ll be responsible for providing guidance and real world mitigation steps to identified application security risks. The successful candidate will be required to develop teams while determining mitigation strategies and drive fixes to resolution. A thorough understanding of security architectures and experience deploying complex enterprise solutions will be valuable experience for the right candidate.
- Responsible for development, oversight of implementation, and ongoing operation of Application Security Engineering and secure SDLC
- Mentor, coach, develop and support team members of the Application Security group
- Partner with key technical teams and stakeholders to organize and facilitate security workflow and process automation alignment
- Expose consistent, intuitive analytics allowing Engineering teams to rapidly iterate on their products
- Establish and maintain governance for security standards across the various engineering-related organizations
- Help set a broad direction, put together a strategy, and implement tactical approaches to efficiently and effectively address business and engineering needs
- Plan and execute penetration testing activities and manage relationship with third party assessors
- 5+ years of experience leading, managing & developing high performance security teams
- 7+ years of progressive experience within a software security team or similar operating environment
- Proven expertise in developing and implementing processes, process integration and process changes
- Excellent security engineering aptitude and the ability to provide technical mentorship and guidance
- Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques
- Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organization
- Strong interpersonal skills with the ability to build solid working relationships with peers and senior leadership
- BA/BS in computer science, information security, related discipline, or equivalent work experience
- Experience with application security tools such as Checkmarx CxSAST, BlackDuck OSS, or HP Fortify
- Experience with identity and authentication services such as Okta or Auth0 and protocols like OAuth or SAML
- Hands on experience assimilating security engineering requirements into a continuous integration/continuous deployment environment
- Conceptual knowledge of the following regulations or frameworks: SOC 1/2, ISO 27000 series, GDPR and relevant data privacy regulations, NIST, COBIT, PCI, SOX, HIPAA
- CISSP, SANS certifications, technology certifications and other security certifications is a plus
The perks of working at Avalara go beyond amazing physical spaces and a Tiki Bar. We’re committed to continued progress in diversity and inclusion. As an employee at Avalara, you’ll have the opportunity to join resource groups focused on diversity of thought, engage with your local or global community about topics that matter to you and the organization and receive continued education around inclusion and development. As Avalara grows, so do the voices within it. It’s time to hear your voice.
Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, sex, age, gender, nation of origin, disability, sexual orientation, US Veteran status, or any other factor protected by law. We thrive on diversity and encourage people from all walks of life to apply to Avalara’s open positions.