Application Security Engineer
Avalara
- Pune, Maharashtra
- Permanent
- Full-time
Job Duties
- Setting strategic direction for application security within Avalara, including processes, tools, metrics, and reporting
- Performing code and design reviews of internal and customer-facing software products and solutions
- Providing training, education, awareness, and communication to development and engineering groups
- Guiding the Product teams to remediate the vulnerabilities.
- Designing, developing, and implementing software development policies, standards, procedures, and technical controls
- Managing security tooling infrastructure and configuration
- Guide and mentor, the junior Application Security Engineers
- Bachelor's Degree in Computer Science, Engineering, or related field
- 4 - 8 years of experience performing manual code review and threat modeling.
- 4 - 8 years of experience with SCA, SAST, DAST application security tools
- Deep technical knowledge and experience identifying, triaging, and remediating application vulnerabilities including the OWASP Top 10
- Experience working with a variety of development tools, languages, and environments, including Python, Go Lang, Terraform, .NET, Java, PHP, Node.js
- Experience working with cloud orchestration technologies like Docker, Kubernetes & IAC
- Experience working with a variety of cloud providers including AWS & GCP
- Experience working in a multi-tenant SaaS environment, service-oriented architecture, and web service security.
- Experience with agile software development processes and methodologies
- Experience developing and securing applications in AWS.
- Good to have security certifications including CISSP, CSSLP, GIAC & AWS
- Knowledge of regulatory and compliance standards including SOC 2, ISO 27001 & GDPR
- Hands on experience in a continuous integration/continuous deployment (CI/CD) environment