Remote Application Security Engineer job at TaxJar

Apply Now

TaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 20,000 businesses. 

We know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To achieve this, we provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, award-winning place to work. We have many different backgrounds and lifestyles, and everything we do is guided by our core values:

  • We do the right thing for our customers
  • We're a team, built on trust
  • We're proud to be remote
  • We're in control of our own destiny

We’re a happy team
and we all really love what we do. We’re fast-growing, fully-distributed, talented, and driven. We live all across the US, working from our homes, local libraries, co-working spaces, airstreams - pretty much anywhere we can and do accomplish great work. We've created a space where high-achievers can succeed, but are also safe to fail. We're profitable and focused on growing TaxJar sustainably, and we believe a diverse team can create better solutions for our customers.

Want to know more about the makeup of our team

TaxJar is a human-first company. 

People are accepted and free to be who they are.

We embrace that diversity, equity, inclusion and belonging are essential sources of creativity and innovation that bring a richness of thinking and experience to the work that is celebrated at TaxJar. Simply put, we care. We will always put people - our team and our customers - first, by supporting our people to do their best work building products our customers love. 

Our formula is simple. We believe we have an elevated level of responsibility in everything we do. This means we empower our team to do the right thing for each other and for our customers, and we do the right thing, even when it's harder. We’ve built a team based on trust, that endeavors to maximize our team members’ individual talents so our workplace creates a sense of meaning and belonging for everyone.

Read our 2020 Diversity, Equity, Inclusion and Belonging report

We’re looking for people who:
  • Are based in the US
  • Value working remotely
  • Excel at communication and collaboration
  • Highly value working with people they like and respect
  • Are open and accountable
  • Are confident with their skills and who love being part of a team (we’re peers here, no egos please) but are also comfortable working asynchronously
  • Want to make a positive impact at TaxJar and who aren’t afraid to fail

TaxJar is looking for an exceptional and highly skilled application security engineer who lives by TaxJar’s values and has a demonstrated track record of securing web applications and the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.

As an Application Security Engineer for TaxJar you will:
  • Proactively perform technical security assessments against TaxJar’s web applications and services
  • Work with software engineers to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline
  • Act as a technical leader for security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed
  • Run the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities
  • Implement cloud security controls in AWS and help automate security processes when appropriate
  • Perform security monitoring, threat analysis, and lead the incident response process
  • Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls

  • 4+ years of experience in Application/Product Security preferably in SaaS
  • 2+ years of experience with Cloud Security in AWS preferred
  • Strong understanding of web application architecture and design principles
  • Hands-on knowledge of security technologies such as WAF, File Integrity Monitoring (FIM), SAST/DAST tools, etc.
  • Working knowledge of common security flaws (such as OWASP Top 10) as well as how to identify and mitigate them
  • Experience with manual secure code review in languages such as: Ruby, Elixir, JavaScript
  • Familiarity with common web application testing tools, such as Burp Suite or Zap, and ability to apply that knowledge to practical testing scenarios
  • Experience leading incident response plans and working with SIEM tools for threat analysis 
  • Knowledge of container security such as Docker and Kubernetes a plus
  • Experience working with operating systems and hardening (Linux, OS X, and Windows) a plus
  • Certifications such as CISSP, GSEC, CEH or CISM a plus
  • Agile, humble, trustworthy, and a team player

  • Excellent health, vision and dental benefits
  • Flexible vacation
  • Company holidays, plus mandatory Birthday holiday
  • 12 weeks paid parental leave for all employees
  • 4 hours volunteer time per month
  • Biannual all-company in person summits (paid for by us, of course!)
  • $250 Home office stipend
  • 401k Plan
  • Equity in a profitable company
  • Monthly perks reimbursement to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)

Please visit for a full list of our amazing benefits for full-time employees, and to learn more about our values and how we work. You can learn more about our hiring process here.

If you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to and add “Candidate Referral - Application Security Engineer” to the subject line once the individual has applied for a role.