Job
Description
What You'll Do Job Title: Security Automation Engineer Integrated Engineering Systems Location: #LI-Hybrid Eligibility: 23years of software engineering experience Avalara is looking for a Security Automation Engineer to join our Integrated Engineering Systems team. In this role, youll build and scale automated security tooling and integrate scanning pipelines into Avalaras core engineering systems. You will work closely with platform engineers, product teams, and DevSecOps to design scalable services and analytics dashboards that detect, track, and remediate vulnerabilities. This role is perfect for engineers who are passionate about security through automation , scaling secure development practices, and enabling teams to build safer software faster. What Your Responsibilities Will Be Design, develop, and maintain microservices and security automation pipelines that integrate into Avalaras CI/CD and engineering systems. Build tools and services in GoLang to automate SAST, DAST, and SCA scanning workflows. Build internal tooling to identify gaps in security coverage, automate remediation recommendations. Partner with service owners to provide secure development guidance, build remediation playbooks, and enforce policy via automation. Implement dashboards using Snowflake, Hex, and Grafana to ingest and analyse security data, monitor pipeline health and provide real-time visibility into scan reliability and security metrics for both engineering teams and leadership. What You'll Need to be Successful Core Qualifications B.Tech or B.E in Computer Science, Engineering, Math, or a related technical discipline. 25 years of software engineering experience, with 2 years of direct experience in platform security or DevSecOps teams. Proficiency in Golang, Python, Java, or .NET, with ability to write clean, secure, and maintainable code. Understanding of OWASP Top 10, CWE Top 25, and secure software development practices. Experience with integrating and operating SAST, DAST, and SCA tools in CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab). Knowledge of AWS or GCP security services and infrastructure-as-code best practices. Preferred Bonus Qualifications: Proven hands-on experience with Snowflake, Hex, and Grafana to build observability dashboards with alerts and SLA tracking. Security certifications.
