What You'll Do Avalara aspires to be the global cloud compliance platform. As a Product Security Architect at Avalara, you will design and implement security frameworks and architectures that protect our SaaS product ecosystem. You will work with product development teams and DevOps teams to ensure security is built into our software from the ground up. You will focus on safeguarding the entire product lifecycle, from design through deployment, ensuring that our customers' data and our platform are secure from modern threats. You will report to Chief Architect. This is an individual contributor role. What Your Responsibilities Will Be Architect secure product environments that address security concerns across our SaaS offerings, ensuring the security of all product layers, including application, data, and infrastructure. Develop security standards, guidelines, and best practices for product development teams, ensuring security is integrated into the software development lifecycle (SDLC). Conduct threat modeling and risk assessments for new features to identify and address potential security vulnerabilities. Collaborate with product managers, developers, and DevOps teams to define security requirements and ensure they are incorporated throughout the design process. Perform secure code reviews and work with development teams to establish secure coding practices, including automation of security testing in CI/CD pipelines. Oversee data security and privacy mechanisms, such as encryption, data masking, and anonymization, to ensure compliance with regulatory requirements like GDPR, HIPAA, and others. Lead vulnerability management efforts for products, including monitoring, identifying, and remediating security flaws across services. Establish security monitoring and incident response processes for our SaaS platform, working with DevOps teams to monitor security events and respond to product security incidents. Stay up-to-date with the latest security threats and technologies that impact SaaS platforms, ensuring proactive measures are in place to address new risks. Lead security-related training and awareness projects within the product and engineering teams, helping build a security-first mindset across the organization. What You'll Need To Be Successful 4 year Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or related field. Master's degree or security certifications (e.g., CSSLP, CISSP, CCSP) 15+ years of experience in software engineering. Experience secure software development and building security into product architectures from design to deployment. Hands-on experience with cloud environments (AWS, Azure, GCP) and securing cloud-native applications Certified Secure Software Lifecycle Professional (CSSLP) Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) GIAC Cloud Security Automation (GCSA)
