There’s a person we want to work with.
Thing is, we're not talking about someone specific. In fact, that’s the problem. We’re talking about a set of traits and an attitude, which is scarce! We want security engineers who see things differently; that don't conform to the norm. You’re ready to get the job done, and even surprise us.
There are so many job descriptions for security positions that don't actually capture the essence of the role, we’re writing down what we’re looking for in hopes that this person (you?) is out there:
- You understand that communication is the biggest responsibility of your job, and the one you’re least likely to get right unless you focus on it
- When you take on a task whether it’s huge and scary or tiny and boring, you’re going to see it through to the best of your ability
- You focus on building the most secure applications for our users and protecting our customers’ data
- You are confident with a number application security testing methodologies, threat analysis, and cloud security principles
What we Expect from an Application Security Engineer:
- Proactively perform technical security assessments against TaxJar’s web applications and services
- Work with our software engineers to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline
- Act as a technical leader for security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed
- Run the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities
- Implement cloud security controls in AWS and help automate security processes when appropriate
- Perform security monitoring, threat analysis, and lead the incident response process
- Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls
- 4+ years of experience in Application/Product Security preferably in SaaS
- 2+ years of experience with Cloud Security in AWS preferred
- Strong understanding of web application architecture and design principles
- Hands-on knowledge of security technologies such as WAF, SAST/DAST tools, etc.
- Working knowledge of common security flaws (such as OWASP Top 10) as well as how to identify and mitigate them
- Familiarity with common web application testing tools, such as Burp Suite or Zap, and ability to apply that knowledge to practical testing scenarios
- Experience leading incident response plans and working with SIEM tools for threat analysis
- Experience working with operating systems and hardening (Linux, OS X, and Windows) a plus
- Agile, humble, trustworthy and a team player
It would be great if you have these, too:
- Certifications such as CISSP, GSEC, CEH or CISM
- Knowledge of container security such as Docker and Kubernetes
Please note that we are not able to sponsor any type of international visa at this time.
At TaxJar, we believe a diverse team creates better solutions for our customers. Please read our Diversity statement below:
TaxJar is a human-first company.
People are accepted and free to be who they are
We embrace that diversity, equity, inclusion and belonging are essential sources of creativity and innovation that bring a richness of thinking and experience to the work that is celebrated at TaxJar. Simply put, we care. We will always put people - our team and our customers - first, by supporting our people to do their best work building products our customers love.
Our formula is simple. We believe we have an elevated level of responsibility in everything we do. This means we empower our team to do the right thing for each other and for our customers, and we do the right thing, even when it's harder. We’ve built a team based on trust, that endeavors to maximize our team members’ individual talents so our workplace creates a sense of meaning and belonging for everyone.
TaxJar’s 2020 Diversity, Equity, Inclusion and Belonging report here.
We are committed to providing reasonable accommodations for individuals with disabilities in our job application process. If you need assistance or an accommodation due to a disability, you may contact us at email@example.com
- Excellent health, vision and dental benefits
- Flexible vacation
- Company holidays, plus mandatory Birthday holiday
- 12 weeks paid parental leave for all employees
- 4 hours volunteer time per month
- Biannual all-company in person summits (paid for by us, of course!)
- $250 Home office stipend
- 401k Plan
- Equity in a profitable company
- Monthly perks reimbursement to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)
If you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to firstname.lastname@example.org and add “Candidate Referral - Application Security Engineer” to the subject line once the individual has applied for a role.