TaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 20,000 businesses.
We know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To achieve this, we provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, award-winning place to work. We have many different backgrounds and lifestyles, and everything we do is guided by our core values:
We do the right thing for our customers
We're a team, built on trust
We're proud to be remote
We're in control of our own destiny
We’re a happy team and we all really love what we do. We’re fast-growing, fully-distributed, talented, and driven. We live all across the US, working from our homes, local libraries, co-working spaces, airstreams - pretty much anywhere we can and do accomplish great work. We've created a space where high-achievers can succeed, but are also safe to fail. We're profitable and focused on growing TaxJar sustainably, and we believe a diverse team can create better solutions for our customers.
We’re looking for people who:
Are based in the US
Value working remotely
Excel at communication and collaboration
Highly value working with people they like and respect
Are open and accountable
Are confident with their skills and who love being part of a team (we’re peers here, no egos please) but are also comfortable working asynchronously
Want to make a positive impact at TaxJar and who aren’t afraid to fail
TaxJar is looking for an exceptional and highly skilled Application Security Engineer who lives by TaxJar’s values and has a demonstrated track record of securing the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.
As an Application Security Engineer for TaxJar you will:
Proactively perform security assessments and reviews (threat models/code reviews/pentests) against TaxJar’s products and services.
Work with software engineers to design application security review processes and controls across a range of technologies, including but not limited to Ruby on Rails, Elixir, and containerized applications
Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities
Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)
Be responsible for identity and access management (IAM) for all users and roles in AWS
Integrate security best practices into the SDLC process and the CI/CD pipeline
Act as a technical leader for the security team and work with engineering teams to improve security practices
Perform security monitoring and security event triage, and lead incident response, including taking steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened
Perform security reviews of the architecture
Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls
4-6 years of experience in Application/Product Security preferably in SaaS
2-4 years of experience within Cloud Security in AWS
Strong understanding of AWS IAM, least-privilege access, security groups, VPCs, and web application security best practices
Pentesting, threat modeling, and architecture review experience
Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.
Experience leading incident response plans, working with a SIEM tool for log analysis (e.g., Sumo Logic, Splunk, etc.) a must
Working knowledge of the OWASP Top 10 security risks and remediation techniques
Previous programming experience in languages such as Python, Ruby, or Elixir
Experience with operating systems and hardening (Linux, OS X, and Windows) a plus
Knowledge of container security such as Docker and Kubernetes a plus
Certifications such as CISSP, GSEC, CEH or CISM highly desired
Agile, humble, trustworthy, and a team player
Excellent health, vision and dental benefits
Company holidays, plus mandatory Birthday holiday
12 weeks paid parental leave for all employees
4 hours volunteer time per month
Biannual all-company in-person summits (paid for by us, of course!)
$250 Home office stipend
Equity in a profitable company
Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)
If you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to email@example.com and add “Candidate Referral - [Job Title]” to the subject line once the individual has applied for a role.