Pen-tester - Product Security

Há 17 horas

Brasil Avalara Brasil Tempo inteiro

Join to apply for the Pen-tester - Product Security role at Avalara Brasil

Join to apply for the Pen-tester - Product Security role at Avalara Brasil

Get AI-powered advice on this job and more exclusive features.

What You'll Do

Avalara's Offensive Security organization is looking for a penetration tester to join our security assessments team. As a member of our in-house pen-test team, your principal mission will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer services. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering remediation plans, ultimately guiding our product security uplift activities. This is a unique opportunity for an experienced offensive pen-tester who is collaborative, and has a healthy sense of curiosity to join Avalara Engineering to make real positive impacts to our security posture, and help us improve our security designs in our next-gen of systems and services.

What Your Responsibilities Will Be

  • Conduct white-box and grey-box offensive penetration testing against Avalara's applications, microservices and web services
  • Conduct network infrastructure, Public Cloud (AWS and GCP), AI, and data-layer offensive pen-testing
  • Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed to support white-box assessments
  • Be a subject matter expert and ambassador to Avalara Engineering for secure coding practices, penetration testing, platform security and all aspects of application and product security
  • Perform any other application security or product security related activities or tasks as needed or directed
  • Validate 3rd party external pen-test and crowd-sourced application security findings and work with our application security team to triage those across to our engineering teams.

What You'll Need To Be Successful
  • An Offensive Security Certified Professional (OSCP) certification
  • 5+ years of security assessment experience
  • Possess a broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
  • Experience with assessing with Cloud-native services, service meshes, and Kubernetes-platform based microservices
  • Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to complete pen-test tasks
  • Be able to think both offensively (like a hacker) and defensively (evaluating product security and design)
  • Ability to create written work product, detailed technical findings documents, and pen-test reports
  • Familiarity with industry-standard threat modelling, risk modelling and vulnerability classification
  • Knowledge of LLM Top-10 and AI hacking experience is a plus

How We'll Take Care Of You

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness

Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity

Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

What You Need To Know About Avalara

We're defining the relationship between tax and tech.

We've already built an industry-leading cloud compliance platform, processing over 54 billion customer API calls and over 6.6 million tax returns a year. Our growth is real - we're a billion dollar business - and we're not slowing down until we've achieved our mission - to be part of every transaction in the world.

We're bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we've designed, that empowers our people to win. We've been different from day one. Join us, and your career will be too.

We're An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don't want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.Seniority level
  • Seniority levelMid-Senior level
Employment type
  • Employment typeFull-time
Job function
  • Job functionQuality Assurance
  • IndustriesSoftware Development

Referrals increase your chances of interviewing at Avalara Brasil by 2x

Sign in to set job alerts for "Product Tester" roles.User Acceptance Testing/QA Senior EngineerJunior Tester - Remote Work | REF#284254Pessoa Especialista em Quality Assurance (Operation a Data and Go)Technical Leader - Latin America - Remote

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

  • Offensive Penetration Tester

    Há 8 horas

    Brasil beBeePenetration Tempo inteiro US$60.000 - US$120.000

    Join Our Penetration Testing TeamWe're seeking an experienced penetration tester to join our security assessments team.About the RoleWe're looking for a skilled offensive pen-tester who can conduct white-box and grey-box testing against our applications, microservices, and web services. As a member of our in-house pen-test team, you'll work closely with our...

  • Tech Lead Manager Security Research Team

    Há 17 horas

    Brasil Tenchi Security Tempo inteiro

    Tech Lead Manager Security Research TeamWe are seeking an experienced and visionary Tech Lead Manager to lead our Security Research team. In this pivotal role, you will be responsible for driving the technical direction, strategy, and execution of cutting-edge security research initiatives that directly impact our product offerings and enhance the security...

  • Accessibility Tester

    Há 6 dias

    Brasil Tonic3 Tempo parcial

    We are looking for a detail-oriented part- time Accessibility Tester to join our team at Tonic3.The ideal candidate will be passionate about creating inclusive digital experiences and ensuring compliance with accessibility standards.Responsibilities:Test digital products for accessibility compliance across web and mobile platforms.Identify, document, and...

  • IT and Information Security Coordinator

    Há 5 dias

    Brasil Tenchi Security Tempo inteiro

    OverviewTenchi is a Cyber Security company that is building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and backed by a solid group of Institutional Investors, we seek to disrupt this rapidly growing industry. Our company is 100% remote and our team is spread across the globe, including...

  • Security Engineer

    Há 7 dias

    Brasil Avenue Code Tempo inteiro

    About The Opportunity We are seeking a About The Opportunity We are seeking a Security Engineer - DevSecOps contractor to support our Product Development teams by maintaining robust security practices and ensuring SOC 2 compliance. This role is key to improving operational efficiency by proactively addressing vulnerabilities, managing infrastructure...

  • Senior Security Governance and Risk Consultant

    Há 4 dias

    Brasil Tenchi Security Tempo inteiro

    Senior Security Governance and Risk ConsultantTenchi is a Cyber Security company that is building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and backed by a solid group of Institutional Investors, we seek to disrupt this rapidly growing industry. Our company is 100% remote and our team...

  • Cloud Security Specialist

    Há 3 dias

    Brasil beBeeSecurity Tempo inteiro R$1.000.000 - R$1.100.000

    Cloud Security Specialist OpportunityWe're looking for a skilled Cloud Security Specialist to join our team. The ideal candidate will have extensive experience in cloud security and be able to provide technical guidance and support throughout the sales cycle.The successful candidate will develop a deep understanding of cloud security products and services,...

  • Cloud Security Specialist

    Há 4 dias

    Brasil beBeeCloud Tempo inteiro R$90.000 - R$120.000

    Job Description:A Cloud Business Development Manager is required to support sales for cloud security products in the Latin America region.The successful candidate will be a senior technical sales person, part of a specialized team, who will work as a business advisor for local channel and accounts teams.

  • Product Lifecycle Manager

    Há 7 dias

    Brasil AireSpring Tempo inteiro

    Company Description**AireSpring **is an award-winning provider of cloud communications and managed connectivity solutions. AireSpring provides next-generation communications solutions including AireContact, AirePBX - Business VoIP Phone Systems, SIP Trunking, MPLS, and Dedicated Internet Access.**AireSpring **has received numerous third-party industry...

  • Security Consultant

    Há 5 horas

    Brasil CloudSEK Tempo inteiro

    We are a bunch of super enthusiastic, passionate, and highly driven people, working to achieve a common goal We believe that work and the workplace should be joyful and always buzzing with energyCloudSEK, one of India's most trusted Cyber security product companies, is on a mission to build the world's fastest and most reliable AI technology that identifies...