Application Security Engineer in Seattle, WA

$80K - $100K(Ladders Estimates)

Avalara   •  

Seattle, WA 98160

Industry: Enterprise Technology

  •  

5 - 7 years

Posted 57 days ago

This job is no longer available.

Our ideal application security engineer has experience working on a variety of platforms and technologies and is passionate about identifying and managing risks. Security can be complex, so you will be responsible to make it simple, but make its impact significant in our engineering organizations. You will provide guidance, training, and support. You will be able to talk tech and business. You will work hard to find the right solution, not the first solution. You thrive on challenge and you are not afraid to dig in, all while having fun and not getting too serious.

Job Duties

  • Setting strategic direction for application security within Avalara, including processes, tools, metrics, and reporting
  • Performing code and design reviews of internal and customer-facing software products and solutions
  • Providing training, education, awareness, and communication to development and engineering groups
  • Developing and implementing manual and automated security tests
  • Designing, developing, and implementing software development policies, standards, procedures, and technical controls
  • Participating in penetration testing activities, managing relationships with third party assessors
  • Participating in incident handling and response
  • Participating in M&A due diligence and integration processes

Qualifications

  • 5+ years' experience performing manual code review and analysis
  • 5+ years' experience with application security tools such as HP Fortify, Checkmarx CxSAST, or BlackDuck OSS
  • Deep technical knowledge and experience identifying, triaging, and remediating application vulnerabilities including the OWASP Top 10
  • Experience working with a variety of development tools, languages, and environments, including .NET, Java, PHP, Node.js, Ember, SQL Server, and Amazon Web Services
  • Experience working in a multi-tenant SaaS environment, service-oriented architecture and web service security
  • Experience with agile software development processes and methodologies
  • Working knowledge of source code repositories including Git
  • Experience developing and securing applications in AWS

Preferred Qualification

  • Bachelor's Degree in Computer Science, Engineering, or related field
  • Experience working with web vulnerability scanners such as Acunetix WVS or NTO Spider
  • Security certifications including CISSP, CSSLP, and GIAC GWAPT
  • Knowledge of regulatory and compliance standards including PCI, SSAE18 SOC 1/2, SOX, and GDPR
  • Hands on experience in a continuous integration/continuous deployment environment

Valid Through: 2019-9-17