Headquarters: Remote
TaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 20,000 businesses.
We know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To achieve this, we provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, award-winning place to work. We have many different backgrounds and lifestyles, and everything we do is guided by our core values:
- We do the right thing for our customers
- We're a team, built on trust
- We're proud to be remote
- We're in control of our own destiny
We’re a happy team and we all really love what we do. We’re fast-growing, fully-distributed, talented, and driven. We live all across the US, working from our homes, local libraries, co-working spaces, airstreams - pretty much anywhere we can and do accomplish great work. We've created a space where high-achievers can succeed, but are also safe to fail. We're profitable and focused on growing TaxJar sustainably, and we believe a diverse team can create better solutions for our customers.
We’re looking for people who:
- Are based in the US
- Value working remotely
- Excel at communication and collaboration
- Highly value working with people they like and respect
- Are open and accountable
- Are confident in their skills and love being part of a team (we’re peers here, no egos please) but are also comfortable working asynchronously
- Want to make a positive impact at TaxJar and aren’t afraid to fail
TaxJar is looking for an exceptional and highly skilled Security Engineer who lives by TaxJar’s values and has a demonstrated track record of securing the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.
As a Security Engineer for TaxJar you will:
- Proactively perform security assessments and reviews (threat models/code reviews/pentests) against TaxJar’s products and services.
- Work with software engineers to design the application security review process and controls across a range of technologies, including but not limited to Ruby on Rails, Elixir, and containerized applications
- Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities
- Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)
- Be responsible for identity and access management (IAM) for all users and roles in AWS
- Integrate security best practices into the SDLC process and the CI/CD pipeline
- Act as a technical leader for the security team and work with engineering teams to improve security practices
- Perform security monitoring and security event triage, and lead incident response, including taking steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened
- Perform security reviews of the architecture
- Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls
- 4-6 years of experience in Application/Product Security preferably in SaaS
- 2-4 years of experience within Cloud Security in AWS
- Strong understanding of AWS IAM, least-privilege access, security groups, VPCs, and web application security best practices
- Pentesting, threat modeling, and architecture review experience
- Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.
- Experience leading incident response plans and working with a SIEM tool for log analysis (e.g. Sumo Logic, Splunk, etc.) a must
- Working knowledge of the OWASP Top 10 security risks and remediation techniques
- Previous programming experience in languages such as Python, Ruby, or Elixir
- Experience with operating systems and hardening (Linux, OS X, and Windows) a plus
- Knowledge of container security such as Docker and Kubernetes a plus
- Certifications such as CISSP, GSEC, CEH or CISM highly desired
- Agile, humble, trustworthy, and a team player
- Excellent health, vision and dental benefits
- Flexible vacation
- Company holidays, plus mandatory Birthday holiday
- 12 weeks paid parental leave for all employees
- 4 hours volunteer time per month
- Biannual all-company in-person summits (paid for by us, of course!)
- $250 Home office stipend
- 401k Plan
- Equity in a profitable company
- Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)
Please visit www.TaxJar.com/jobs for a full list of our amazing benefits for full-time employees, and to learn more about our values and how we work. You can learn more about our hiring process here.
If you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to firstname.lastname@example.org and add “Candidate Referral - [Job Title]” to the subject line once the individual has applied for a role.