Sr. Security Incident Responder (R2177)

Engineering | Seattle, WA, United States,Durham, NC, United States

Apply Now!

Avalara, Inc., (, is the leading provider of cloud-based software that delivers a broad array of compliance solutions related to sales tax and other transactional taxes.

What is it like to work at Avalara? Come find out!  We are committed to the following success traits that embody our culture and how we work together to accomplish great things:  Fun. Passion. Adaptability. Urgency. Simplicity. Curiosity. Humility. Ownership. Optimism.

We are building cloud-based tax compliance solutions to handle every transaction in the world. Imagine every transaction you make - every tank of gas, cup of coffee, or pair of sneakers, every movie ticket, or streamed song, every sensor-to-sensor ping. Nearly every time you make a purchase, physical or digital, there is an accompanying unique and nuanced tax compliance calculation.

We are seeking a highly motivated, experienced Sr. Security Incident Responder to join our team.

The successful candidate for the Security Incident Responder role will execute Avalara's Incident Response plan and lead Avalara through a variety of incidents. Using a variety of tools and technologies conduct thorough security investigations including but not limited to threat hunting, eDiscovery/digital forensics, application and network log analysis, etc. You will work with world class staff and tools to identify, monitor, and address attacks and malware, while participating in a next-generation security organization. This senior position will guide others and drive security solutions relevant to security content and attack patterns.

You'll be responsible for providing guidance and building real world mitigation steps to identified information risks. The successful candidate will be required to assess security flaws, determine mitigation strategies and drive fixes to resolution. You will apply your strong enterprise IT background by analyzing data from Avalara's ecosystem of tools, systems, and architectures to assist in incident response, threat hunting, and data analysis. This role involves critical responsibilities within Incident Response procedures that must continue to be performed during crisis situations.

Job Duties:

  • Execute Avalara's Incident Response plan and lead Avalara through a variety of incidents (i.e., breaches, malware/virus outbreaks, security incidents, and forensics investigations). Provide guidance on tactical and strategic response and remediation recommendations.
  • Adopt and apply Containment, Mitigation, and Remediation concepts based on TTP's.
  • Communicate IR situation reports clearly and succinctly to all levels of the business; write incident reports and participate in postmortem activities
  • Provide critical input and decision support to shape threat detection (new methods & tuning) and prevention controls.
  • Perform live response, malware analysis, volatile data collection and analysis on hosts and/or network data.
  • Correlate and analyze Windows, Linux to identify Indicators of Compromise (IOCs).
  • Conduct network forensics (TCIP/IP) and other traffic analysis; conduct other digital forensic investigations
  • Document and develop tools and processes to assist SOC and SIRT personnel in log collection and analysis
  • Participate in cyber security and industry related groups


  • Minimum 5 years experience in incident response or digital forensics
  • Must have a deep technical capability in at least one of the following: Red team/blue team, Security Operations/Incident Response, Research/Threat Detection, Threat Hunting, Development, Malware analysis, DFIR
  • Working experience with security operations and incident response concepts required
  • Familiarity with MITRE ATT&CK and other detection frameworks
  • Working knowledge of REST, JSON, SOAP, ODBC, XML, CSV, other formats and the ability to leverage existing scripts, drivers, and SDKs
  • Excellent written, verbal and presentation skills are essential and required
  • Must be able to work autonomously as well as in team environments, often in stressful, high impact situations
  • Hold an active certification or equivalent of one or more of the following: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM)

Preferred Qualifications:

  • Prior experience working in a 24/7 Security Operations Center and using SIEM tools
  • Hands on experience using AccessData FTK is highly desired
  • Experience executing Threat Hunting engagements and familiarity with its techniques, tools, and operational procedures
  • Experience designing and participating in incident response preparedness exercises (tabletop and red team engagements)

About Avalara

Avalara helps businesses of all sizes achieve compliance with transactional taxes, including VAT, sales and use, excise, communications, and other tax types. We deliver comprehensive, automated, cloud-based solutions that are fast, accurate, and easy to use.

Avalara offers hundreds of pre-built connectors into leading accounting, ERP, ecommerce and other business applications. Each year, the company processes billions of tax transactions for customers and users, files hundreds of thousands of tax compliance documents and tax returns and manages millions of exemption certificates and other compliance related documents.

Avalara’s headquarters are in Seattle, WA and it has offices across the U.S. and in Brighton and London, England; Brussels, Belgium; and Pune, India. More information at:

Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.

Apply Now!