Product Security Engineer - Avalara

Key Responsibilities

• Design, implement, and maintain security tooling for automated code‑scanning and web‑scanning pipelines within the CI/CD environment.
• Integrate static (SAST) and dynamic (DAST) analysis solutions to identify vulnerabilities like XSS, SSRF, RCE, CSRF, and SQL injection early in the SDLC.
• Develop AI‑enhanced detection algorithms and rule sets to improve scan accuracy and reduce false positives.
• Collaborate with development, DevOps, and product teams to remediate findings and embed security best practices into daily workflows.
• Monitor and report on the security posture of applications, providing metrics and recommendations for continuous improvement.

Requirements

• Strong background in application security, including hands‑on experience with SAST and DAST tools.
• Proficiency in building and managing security automation within CI/CD pipelines (e.g., Jenkins, GitHub Actions, Azure DevOps).
• Solid understanding of common web vulnerabilities (OWASP Top 10) and secure coding practices.
• Experience developing or customizing security rules, scripts, or AI‑driven detection models.
• Excellent problem‑solving skills and the ability to communicate security concepts to cross‑functional teams.