We know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To do that, we have to start internally. At TaxJar, we aim to provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, and extraordinary place to work.
We’re fast-growing, fully-distributed, talented, driven, and love what we do. We live all across the US, working from our homes, coworking spaces, coffee shops — even a boat! We have many different backgrounds and lifestyles, and everything we do is guided by our core values. We recruit from a varied pool of candidates, as we believe that a diverse team can create better solutions for our customers.
General overview of the project(s)
TaxJar is looking for an exceptional and highly skilled Security Engineer who lives by TaxJar’s values and has a demonstrated track record of securing the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.
Proactively perform security assessments and reviews (threat models/code reviews/pentests) against TaxJar’s products and services.
Work with software engineers to design application security review processes and controls across a range of technologies, including but not limited to Ruby on Rails, Elixir, and containerized applications
Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities
Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)
Be responsible for identity and access management (IAM) for all users and roles in AWS
Integrate security best practices into the SDLC process and the CI/CD pipeline
Act as a technical leader for the security team and work with engineering teams to improve security practices
Perform security monitoring and security event triage, and lead incident response, including steps to minimize the impact, followed by a technical and forensic investigation into how the incident happened
Perform security reviews of the architecture
Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls
4-6 years of experience in Application/Product Security, preferably in SaaS
2-4 years of experience within Cloud Security in AWS
Strong understanding of AWS IAM, least-privilege access, security groups, VPCs, and web application security best practices
Pentesting, threat modeling, and architecture review experience
Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.
Experience leading incident response plans and working with a SIEM tool for log analysis (e.g. Sumo Logic, Splunk) a must
Working knowledge of the OWASP Top 10 security risks and remediation techniques
Previous programming experience in languages such as Python, Ruby, or Elixir
Experience with operating systems and hardening (Linux, OS X, and Windows) a plus
Knowledge of container security such as Docker and Kubernetes a plus
Certifications such as CISSP, GSEC, CEH or CISM highly desired
Agile, humble, trustworthy, and a team player
Excellent health, vision and dental benefits
Company holidays, plus mandatory Birthday holiday
12 weeks paid parental leave for all employees
4 hours volunteer time per month
Biannual all-company in-person summits (paid for by us, of course!)
$250 Home office stipend
Equity in a profitable company
Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)