Senior Penetration Testing Manager

O que você fará:

Avalara's Product Security organization is looking for a Penetration Testing Senior Manager to lead our Offensive Security team. In this role you will be responsible for leading a team of highly skilled penetration testers whose mission will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure, data-layer and AI-based services. You will work closely with our engineering groups to define pen-test scope, schedule, lead assessment engagements, and map assessment findings into engineering plans for remediation, ultimately guiding our product security uplift activities. This is a unique opportunity to make real impacts on our overall security posture, define the strategic direction and evolution of our assessments team, and help Engineering improve our security designs for our next generation of systems and services. This role will report to the VP of Product Security.

Quais serão as suas responsabilidades:

• Lead, manage, and develop our geographically distributed offensive security and pen-test team. Mentor and teach junior pen-testers on TTPs
• Manage and organize pen-test preparation and scheduling activities for in-house and out-of-house white-box and grey-box assessment activities.
• Create written assessment reports for both engineering and IT consumers
• Validate, refine, and defend the offensive security team's work product
• Oversee Avalara's responsible disclosure programs (RDP) and bug-bounty programs
• Be a subject matter expert and ambassador to Avalara Engineering in the areas of secure coding practices, penetration testing, and all other aspects of application, AI, and infrastructure security

O que precisa possuir para ser bem sucedido:

• Hold an Offensive Security Certified Professional (OSCP) certification

• 3-5 years of management experience, and 10+ years overall of security assessment experience

• Have a formal knowledge of attack vectors, exploits and mitigations, and be able to verbalize Tactics, Techniques and Procedures (TTPs) related to carrying out security assessments
• Prior experience scoping and performing pen-testing of applications, and microservices based environments, from limited to full scope across a wide range of API & UI technology stacks, public cloud and infrastructure.
• Ability to problems solve and make complex analytical decisions with less than full information in ambiguous situations and environments
• Strong verbal and written English communication skills

Como cuidaremos de você:

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness

Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity

Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

O que você precisa saber sobre Avalara:

We're defining the relationship between tax and tech.

We've already built an industry-leading cloud compliance platform, processing over 54 billion customer API calls and over 6.6 million tax returns a year. Our growth is real - we're a billion dollar business - and we're not slowing down until we've achieved our mission - to be part of every transaction in the world.

We're bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we've designed, that empowers our people to win. We've been different from day one. Join us, and your career will be too.

We're An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don't want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.