What You'll DoAs the Senior Engineering Manager for Product Security, you will be responsible for leading and managing teams across Adversarial Engineering, DevSecOps, Vulnerability Management and AppSec domains. Your primary focus will be to ensure the security and resilience of our products by developing robust security strategies, overseeing their implementation, and driving security initiatives across these critical areas. You will collaborate closely with cross-functional teams to integrate security into every aspect of our product development lifecycle.
Job Duties
Key Responsibilities
Leadership And Team Management
- Lead, mentor, and manage teams responsible for:
- DevSecOps Team: Security Improvement implementation, Ransomware Recovery, Gitlab Pipeline Security, Secure Containers/Baselines/K8s, Secret detection
- AppSec Team: AppSec Tooling, Threat Modeling, Regulatory Support, Security Consulting, Security assessments, Customer Enablement, security approvals for releases
- Vulnerability Management Program: Risk Assessments, Security control Automation, Vulnerability Management Tooling, Vulnerability Disclosure Program, Validations, Security Grading
- Foster a collaborative and inclusive team environment, promoting open communication and knowledge sharing.
- Conduct regular performance reviews, set clear goals and expectations, and provide constructive feedback to team members.
Security Strategy
- Define and drive the overall security strategy for the DevSecOps, and AppSec teams.
- Ensure security considerations are integrated into product roadmaps and development plans.
Security Testing And Validation
- Coordinate and oversee security testing activities, including code reviews and security assessments.
- Implement and manage automated security testing tools and frameworks.
- Conduct security validations measure the effectiveness of security programs and initiatives.
Collaboration And Communication
- Work closely with development, operations, and product teams to integrate security into the software development lifecycle (SDLC).
- Collaborate with other engineering managers to ensure security best practices are followed across all projects.
- Communicate security risks and issues to stakeholders in a clear and concise manner.
Metrics And Reporting
- Develop and maintain security metrics to measure the effectiveness of security programs and initiatives.
- Provide regular reports on security status, and improvements to senior leadership.
- Present security metrics and updates to stakeholders.
Budget And Resource Management
- Manage the security budget for your teams, ensuring efficient allocation of resources to security projects and initiatives.
- Identify and procure security tools, technologies, and services to enhance the security posture.
- Ensure the teams are adequately staffed and equipped to meet security objectives.
What You'll Need to be Successful
Qualifications
- Bachelor’s or master’s degree in computer science, Information Security, or a related field.
- At least 8-10 years of experience in cybersecurity, with a focus on product security.
- Proven experience in managing and leading security teams.
- Strong knowledge of security principles, practices, and technologies.
- Experience with security risk assessments, threat modeling, and vulnerability management.
- Familiarity with relevant security standards and regulations (e.g., ISO 27001, NIST).
- Excellent project management skills, with the ability to prioritize and manage multiple projects simultaneously.
- Strong problem-solving and analytical skills, with a keen attention to detail.
- Excellent communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.
Preferred Qualifications
- Experience in a fast-paced, agile development environment.
- Knowledge of cloud security and secure software development practices.
- Experience with security tools and technologies (e.g., SCA, DAST/SAST).
- Understanding of DevSecOps principles and practices.
About The Team
The product security team is a group of industry security experts who are driven to make our products as secure as possible.How We'll Take Care of YouTotal RewardsIn addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.Health & WellnessBenefits vary by location but generally include private medical, life, and disability insurance.Inclusive culture and diversityAvalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.Flexible hybrid workingWe support hybrid work and flexible schedules for our employees.Learn more about our benefits by region here: https://careers.avalara.com/
About Avalara
We’re Avalara. We’re defining the relationship between tax and tech.We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year.Last year, we became a billion-dollar business
, and our tribe expanded by a cool thousand people - there’s nearly 5,000 of us now. Our growth is real, and we’re not slowing down - not until we’ve achieved our mission - to be part of every transaction in the world.We’re bright, innovative and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.We’ve been different from day one. Join us, and your career will be too.
EEO Statement
We’re an Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.
