Location: Remote
Reports to: Manager - Security Engineering

Avalara is seeking a Security Engineer – Vulnerability Management to design, develop, and maintain a new internal Vulnerability Management (VM) tool from the ground up. This tool will automate vulnerability detection, assignment, tracking, and resolution across software, hardware, and code vulnerabilities.

This role requires a strong software engineering background, as the selected candidate will be responsible for building the tool from scratch, integrating it with ticketing systems, and ensuring it aligns with Avalara’s security policies and SLA requirements.

This is not a traditional vulnerability analyst role—it blends software engineering, security expertise, and risk management exposure. While candidates may not have expertise in every area, a strong motivation to learn and innovate is key.

Key Responsibilities

• Design & Develop Avalara’s Internal Vulnerability Management Tool – Architect, build, and maintain a scalable, automation-driven vulnerability tracking system.

• Automate Vulnerability Ticketing & Tracking – Integrate the tool with ticketing systems (JIRA, ServiceNow, etc.) to ensure vulnerabilities are assigned to the right teams and closed within SLAs.

• End-to-End Vulnerability Management – Oversee vulnerability tracking for software, hardware, cloud, and infrastructure components.

• Build Scalable & Secure Software – Ensure the tool is built with secure coding practices, optimized for performance, and designed for future scalability.

• Enhance Risk Visibility & Reporting – Develop dashboards and reporting features that provide insights into remediation progress and security risk posture.

• Collaborate with Security & Engineering Teams – Work closely with product and non-product engineering teams to improve security automation and best practices.

• Continuously Improve & Iterate – Refine and enhance the tool based on evolving security requirements and team feedback.

What Makes This Role Unique at Avalara?

• Opportunity to Build a New Security Tool – You will be developing a brand-new vulnerability management system from the ground up.

• Blend of Security & Engineering – This role combines software development, security automation, and vulnerability management in a way that few roles do.

• Automation-Driven Approach – You’ll drive security efficiency by automating vulnerability detection, ticketing, and remediation tracking.

• Centralized Vulnerability Management – Unlike traditional roles, you will manage all types of vulnerabilities—from software and infrastructure to application code and hardware security.

• Room for Growth & Innovation – We value problem solvers and learners who can think critically and take ownership of building security solutions.

• Software Development Expertise – Strong programming skills in Python, GoLang, or Bash.
• Strong understanding of RDBMS and SQL, including database design, normalization, query optimization Experience.
• Experience in Building Security & Automation Tools – Hands-on experience designing and implementing security solutions from scratch.
• Vulnerability Management & Security Tools – Familiarity with Nessus, Qualys, Tenable, or similar.
• Cloud & Infrastructure Knowledge – Experience with AWS, Azure, or GCP and Infrastructure as Code (Terraform, Kubernetes, Docker, etc.).
• CI/CD & Security Ticketing Systems – Knowledge of JIRA, GitHub Actions, Jenkins, or similar tools.
• Risk & Compliance Understanding – Exposure to CVE management, security SLAs, and risk scoring methodologies.

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness
Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity
Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

Learn more about our benefits by region here: Avalara North America

We’re Avalara. We’re defining the relationship between tax and tech.

We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world.

We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.

We’ve been different from day one. Join us, and your career will be too.

We’re An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.