About TaxBit

TaxBit is helping to drive mainstream adoption of digital assets by connecting the consumer, enterprise, and government tax and accounting ecosystems. 

Our Software-as-a-Service platform streamlines our customers’ reporting experience across traditional and digital asset classes. We are trusted in this work by thousands of consumers, leading exchanges and enterprises, government agencies (including the IRS), respected accounting firms, and others to solve complex accounting problems at scale and ensure compliance with the latest tax laws. TaxBit investors include Paradigm, Tiger Global, PayPal Ventures, Winklevoss Capital, Coinbase Ventures, and other leading crypto investors. Our team is located in Salt Lake City, UT and Seattle, WA.

If you’re searching for a company that’s dedicated to your growth, recognizes your unique contribution, and provides a fun, flexible and inclusive work environment, then TaxBit is the place for you. We’re looking for team members ready to join a hyper growth company and are excited to work at the forefront of an entirely new industry. 

The Role

The Principal Application Security Engineer is an integral part of the growing Security organization of TaxBit, Inc. This position plays a pivotal role in the design, development, implementation, and maintenance of the security posture of TaxBit’s application portfolio and services. The Application Security Engineer partners with Engineering teams to provide guidance on security design for applications, threat modeling, and application architecture. This position reports into the Director of Security.

What You’ll Do

• Partner with Engineering teams in the creation and maintenance of application architecture plans, roadmaps, and designs
• Perform security review of source code, 
• Partner with Engineering teams to define and document application security requirements for TaxBit applications
• Perform manual and automated security testing of source code
• Educate engineering teams on secure coding techniques and security best practices
• Participate in the development of security policies, standards, and procedures
• Able to identify application vulnerabilities and advise on appropriate remediation
• Manage the annual penetration test engagement with third party firms

What You’ll Need

• 8+ years of software development and/or application security experience
• Experience with security testing tools (BurpSuite, Zap, etc.)
• Experience with AWS cloud infrastructure and security best practices
• Knowledge and understanding of OWASP Top 10
• Assist the dev team with CVSS score/severity so high severity vulnerabilities are prioritized appropriately and fixed in a timely manner
• Ability to write scripts to automate work (Python, bash, etc.)
• Experience with any of the following technologies: Containers, BitBucket, SAST and DAST tools
• Working knowledge of a scripting language (e.g., Python)
• Experience with managing application Bug Bounty programs
• Extensive experience conducting application pen tests, and/or coordinating application pen tests with a qualified technical vendor

Nice to Have

• Knowledge in at least one of the following programming languages: JavaScript, Python, Clojure, Bash
• Strong experience in auditing secure cloud configuration and securing cloud environments
• Strong experience with CI/CD pipelines
• Pertinent certifications in web application pen testing and/or secure development: GWAPT, GPEN, OSCP, eWPT, eCPPT