The Storyboard

Welcome to the Storyboard, a place to explore career adventures at start-ups and companies founded by Claremont alumni and the Claremont community. Choose your next adventure at a company where you’ll have an edge from day one, and leverage our Claremont network to build your career.

Also, make sure to check out our newsletter, StoryHouse Review, to find out more about these companies in the Claremont ecosystem.

Pen-tester - Product Security

Avalara

Product
Brazil · Brazil
Posted on Jul 29, 2025

Job description

What you will do

Avalara’s Offensive Security organization is looking for a penetration tester to join our security assessments team. As a member of our in-house pen-test team, your principal mission will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer services. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering remediation plans, ultimately guiding our product security uplift activities. This is a unique opportunity for an experienced offensive pen-tester who is collaborative and has a healthy sense of curiosity to join Avalara Engineering, make a real positive impact on our security posture, and help us improve the security designs of our next generation of systems and services.


What your responsibilities will be

  • Conduct white-box and grey-box offensive penetration testing against Avalara’s applications, microservices and web services

  • Conduct network infrastructure, Public Cloud (AWS and GCP), AI, and data-layer offensive pen-testing

  • Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed to support white-box assessments

  • Be a subject matter expert and ambassador to Avalara Engineering for secure coding practices, penetration testing, platform security and all aspects of application and product security

  • Perform any other application security or product security related activities or tasks as needed or directed

  • Validate 3rd party external pen-test and crowd-sourced application security findings and work with our application security team to triage those across to our engineering teams.


What you'll need to be successful

  • An Offensive Security Certified Professional (OSCP) certification

  • 5+ years of security assessment experience

  • Possess a broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks

  • Experience assessing cloud-native services, service meshes, and Kubernetes-platform-based microservices

  • Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to complete pen-test tasks

  • Be able to think both offensively (like a hacker) and defensively (evaluating product security and design)

  • Ability to create written work product, detailed technical findings documents, and pen-test reports

  • Familiarity with industry-standard threat modelling, risk modelling and vulnerability classification

  • Knowledge of LLM Top-10 and AI hacking experience is a plus


How we'll take care of you

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness
Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity
Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.


What you need to know about Avalara

We’re defining the relationship between tax and tech.

We’ve already built an industry-leading cloud compliance platform, processing over 54 billion customer API calls and over 6.6 million tax returns a year. Our growth is real - we're a billion dollar business - and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world.

We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. We’ve been different from day one. Join us, and your career will be too.

We’re An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.