Principal Security Engineer

As Avalara continues to expand its cloud platform, engineering organization, and AI-enabled capabilities, platform security must scale in a way that enables rapid innovation while maintaining strong security controls. 

This role exists to lead the design, implementation, and adoption of platform-wide security capabilities that embed secure-by-design principles across CI/CD pipelines, cloud infrastructure, and runtime environments. The successful candidate will serve as a technical leader for Platform Security, partnering with Product Engineering, Core Services, and Security teams to establish scalable security patterns, influence technical direction, and reduce infrastructure and software supply chain risk across Avalara’s SaaS platform. 

This role is ideal for a security engineer who combines deep expertise in cloud and platform security with the ability to lead complex initiatives, influence technical strategy, and drive security adoption across multiple engineering organizations. 

How This Role Elevates Avalara 

This role will: 

• →

  Strengthen Avalara’s cloud and platform security posture through scalable security architecture, automation, and engineering enablement. 

• →

  Improve developer productivity by embedding secure-by-default capabilities directly into engineering workflows and platform services. 

• →

  Reduce infrastructure, CI/CD, and runtime risk through proactive security controls, governance, and security engineering best practices. 

• →

  Establish reusable security patterns and guardrails that scale across multiple product and engineering teams. 

• →

  Advance Avalara’s AI-first strategy by developing AI-enabled security capabilities that improve risk detection, prioritization, and response. 

• →

  Raise technical standards across the engineering organization through mentorship, influence, and domain leadership. 

The successful candidate will: 

• →

  Lead the design and implementation of secure-by-default platform capabilities, including authentication, secrets management, encryption, identity controls, and security automation services. 

• →

  Establish and drive adoption of zero-trust architecture principles, least-privilege access models, and platform security standards across infrastructure and engineering environments. 

• →

  Serve as the technical lead for Platform Security initiatives, providing direction, prioritization, and technical leadership across multiple teams and stakeholders. 

• →

  Act as a subject matter expert on threat modeling, software supply chain security, cloud security, infrastructure security, and secure software development practices. 

• →

  Drive complex, cross-functional security programs with clearly defined milestones, measurable outcomes, and organizational impact. 

• →

  Develop and execute strategic remediation programs that improve security posture and reduce risk across the enterprise. 

• →

  Partner with engineering leaders to integrate security capabilities into development platforms, CI/CD systems, and cloud-native architectures. 

• →

  Evaluate and implement AI-enabled approaches that improve security operations, vulnerability management, and platform protection capabilities. 

• →

  Mentor engineers and help elevate platform security expertise across the broader engineering organization. 

12-Month Success Signals 

Within the first 12 months, this technical leader will: 

• →

  Significantly improve automated security coverage across software delivery and cloud infrastructure environments. 

• →

  Reduce vulnerability backlog volume and remediation cycle times through scalable tooling, automation, and process improvements. 

• →

  Establish sustainable vulnerability triage and prioritization processes adopted across engineering teams. 

• →

  Improve signal quality and reduce false positives through contextual analysis and security engineering improvements. 

• →

  Lead the successful delivery of multiple platform-wide security initiatives with measurable risk reduction outcomes. 

• →

  Establish reusable platform security patterns and controls adopted by engineering teams across the organization. 

• →

  Deliver AI-enabled security capabilities that measurably improve vulnerability discovery, prioritization, analysis, or remediation effectiveness. 

AI Bar Raiser Expectations 

At Avalara, all engineers are expected to apply AI in ways that improve business outcomes. As an AI Bar Raiser, this role will help shape how Platform Security leverages AI to improve security effectiveness, operational scale, engineering productivity, and risk reduction across the organization. 

The successful candidate will: 

• →

  Develop and implement AI-enabled approaches that improve vulnerability discovery, prioritization, triage, and remediation workflows. 

• →

  Lead the evaluation and adoption of AI technologies that strengthen platform security capabilities and operational efficiency. 

• →

  Identify opportunities where AI can improve detection, analysis, threat assessment, and security decision-making. 

• →

  Demonstrate measurable improvements in security outcomes through AI-enabled automation and tooling. 

• →

  Promote responsible, secure, and governance-aware use of AI technologies. 

• →

  Mentor others and help establish best practices for AI adoption within Security and Engineering teams. 

Bar Raiser Expectations 

At Avalara, we hire Bar Raisers - leaders who strengthen teams, improve technical standards, and increase organizational capability through their expertise and influence. As a Technical Lead within Platform Security, this role is expected to elevate security engineering practices, strengthen technical decision-making, and improve how security is embedded across the engineering organization. 

The successful candidate will: 

• →

  Demonstrate exceptional ownership and accountability for platform security outcomes. 

• →

  Raise technical standards through architectural leadership, mentorship, and engineering excellence. 

• →

  Influence security and engineering decisions through expertise, credibility, and sound judgment. 

• →

  Drive alignment across teams to implement scalable security solutions and consistent engineering practices. 

• →

  Develop reusable frameworks, patterns, and approaches that improve security maturity across the organization. 

• →

  Strengthen the capabilities of other engineers through coaching, collaboration, and technical leadership. 

• →

  Leave systems, teams, processes, and security programs stronger than they found them. 

Required Qualifications 

• Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Mathematics, or a related technical discipline. 

• 12+ years of relevant professional experience, including at least 5 years focused on cloud, infrastructure, or platform security. 

• Strong programming experience in Java, Go, Python, or similar languages used for security automation and platform engineering. 

• Deep expertise in cloud platform security across AWS, Azure, Google Cloud, or OCI environments. 

• Expertise in container security, Kubernetes security, service mesh technologies, Infrastructure as Code, and cloud security posture management. 

• Strong understanding of identity and access management, network security, vulnerability management, runtime security, and software supply chain security. 

• Proven experience designing and integrating security tooling into CI/CD pipelines, software delivery workflows, and cloud-native platforms. 

• Experience leading large-scale security initiatives involving multiple engineering teams and stakeholder groups. 

• Strong communication and technical leadership skills with the ability to influence engineering organizations. 

Preferred Qualifications 

• Experience securing large-scale SaaS or cloud-native platforms. 

• Experience leading platform security or security engineering programs. 

• Experience with AI-enabled security tooling and emerging AI security technologies. 

• Security certifications such as CISSP, CCSP, GCSA, or equivalent. 

• Experience establishing security standards, architecture patterns, and engineering governance practices.