[Remote] Principal Security Engineer

Note: The job is a remote job and is open to candidates in USA. Avalara is a leading cloud compliance platform company that processes billions of customer API calls and tax returns annually. They are seeking a Principal Security Engineer to lead the design and implementation of security capabilities that enhance their cloud and platform security posture while driving secure practices across engineering teams.

Responsibilities

• Lead the design and implementation of secure-by-default platform capabilities, including authentication, secrets management, encryption, identity controls, and security automation services
• Establish and drive adoption of zero-trust architecture principles, least-privilege access models, and platform security standards across infrastructure and engineering environments
• Serve as the technical lead for Platform Security initiatives, providing direction, prioritization, and technical leadership across multiple teams and stakeholders
• Act as a subject matter expert on threat modeling, software supply chain security, cloud security, infrastructure security, and secure software development practices
• Drive complex, cross-functional security programs with clearly defined milestones, measurable outcomes, and organizational impact
• Develop and execute strategic remediation programs that improve security posture and reduce risk across the enterprise
• Partner with engineering leaders to integrate security capabilities into development platforms, CI/CD systems, and cloud-native architectures
• Evaluate and implement AI-enabled approaches that improve security operations, vulnerability management, and platform protection capabilities
• Mentor engineers and help elevate platform security expertise across the broader engineering organization

Skills

• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Mathematics, or a related technical discipline
• 12+ years of relevant professional experience, including at least 5 years focused on cloud, infrastructure, or platform security
• Strong programming experience in Java, Go, Python, or similar languages used for security automation and platform engineering
• Deep expertise in cloud platform security across AWS, Azure, Google Cloud, or OCI environments
• Expertise in container security, Kubernetes security, service mesh technologies, Infrastructure as Code, and cloud security posture management
• Strong understanding of identity and access management, network security, vulnerability management, runtime security, and software supply chain security
• Proven experience designing and integrating security tooling into CI/CD pipelines, software delivery workflows, and cloud-native platforms
• Experience leading large-scale security initiatives involving multiple engineering teams and stakeholder groups
• Strong communication and technical leadership skills with the ability to influence engineering organizations
• Experience securing large-scale SaaS or cloud-native platforms
• Experience leading platform security or security engineering programs
• Experience with AI-enabled security tooling and emerging AI security technologies
• Security certifications such as CISSP, CCSP, GCSA, or equivalent
• Experience establishing security standards, architecture patterns, and engineering governance practices

Benefits

• Paid time off
• Paid parental leave
• Many Avalara employees are eligible for bonuses
• Private medical, life, and disability insurance
• Avalara strongly supports diversity, equity, and inclusion
• 8 employee-run resource groups, each with senior leadership and exec sponsorship

Company Overview