Senior Application Security Engineer

Employer Active

1 Vacancy

Job Location

Chicago, IL - USA

Monthly Salary

Not Disclosed

Job Description

Sprout Social is looking to hire a Senior Application Security Engineer to the Security team.

Why join Sprout's Security team?

Security sits at the intersection of empowering teams to move quickly and mitigating risks to our overall business. We are enablers who strive to hone our unique craft and minimize friction or red tape. Our security team ensures that we are designing platforms, implementing tools, and building products with security in mind. This team owns the security posture of our entire organization, including our development, production environments, and internal concerns. As a part of this team, you are given the space and encouraged to stretch beyond your core function and make a deeper impact on the broader organization. In short, the work you do here matters, and you feel that day in and day out.

What you'll do

  • Implement SAST, DAST, and SCA tooling as part of security hygiene and integrated into CI/CD pipelines
  • Ensure that we are designing platforms, implementing tools, and building products with security in mind.
  • Serve as trusted advisor and collaborator to developers to identify new threats, attack methods, and techniques to develop and prioritize mitigation plans (threat modeling & governance)
  • Influence stakeholders to correct security deficiencies in solution design as well as developed code
  • Collaborate with partners in infrastructure and engineering to measurably harden, monitor, and ensure resilience for our cloud-hosted platforms and software development lifecycle.
  • Establish, manage, and own risk-based cross-organizational projects and work to continuously improve our security posture
  • Integrate with a maturing vulnerability management program to ensure tracking and remediation of security issues.

What you'll bring

We're looking for an engineer with passion for working collaboratively with developers and a desire to ensure that software applications are built with the highest level of security. If you're ready to join a dynamic team of developers and security experts and help create software that is secure from the ground up, we'd love to talk with you!

Qualifications

The minimum qualifications for this role include:

  • 3 years of programming and/or DevOps experience and 3 years of information security experience
  • Experience performing security testing of an application using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Open Source Analysis (SCA) tooling.
  • Experience in reviewing findings from the above tools to analyze false positives and recommend security fixes.
  • Demonstrated comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects.

Preferred qualifications for this role include:

  • Information security qualification such as CISSP
  • GIAC or related certifications related to application pen testing or secure development
  • Experience with threat modeling and familiarity with using frameworks to guide decision making based on risk tolerance and business objectives
  • Experience with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, GitHub, etc.
  • Experience automating security testing into CI/CD pipelines

How you'll grow

Within 1 month, you'll plant your roots, including:

  • Experiencing Sprout's in-depth onboarding, covering everything from our company mission and values, hearing directly from executives and founders, to deep training on our products and the value that Sprout delivers to our customers
  • Making a plan with your manager to set initial priorities, align on expectations for your role, plant goalposts for your career, and learn about Sprout's approach to security
  • Meeting Sprout's security stakeholders across the organization
  • Learning our existing tooling and beginning to monitor the status of our environments
  • Collaborating regularly with teammates and members of our infrastructure and development teams and getting up to speed on our current and future initiatives
  • Getting regular feedback on your approach to managing and engaging our existing risks and security capabilities

Within 3 months, you'll start hitting your stride by:

  • Working with your manager and teammates to create and prioritize quarterly team goals
  • Deconstructing larger security projects into smaller, more manageable deliverables
  • Starting to understand the breadth and depth of technologies and tools under the team's purview
  • Reviewing, refining, and triaging alerts triggered from our IDS, vulnerability management tools, and other monitoring platforms
  • Participating in Security on-call rotation
  • Building connections with members from other teams through active networking and community building to help foster a security-first culture

Within 6 months, you'll be making a clear impact through:

  • Improving the security tooling and telemetry used at Sprout
  • Identifying security gaps within our systems, presenting plans to mitigate risks, and working with teams to get them prioritized within their workstreams
  • Regularly evaluating and reporting security health around our SDLC and providing recommendations
  • Having your first performance conversation with your manager, where you'll discuss your accomplishments in your role and work together to build goals for your professional growth
  • Partnering with engineering, IT, and other teams to continuously improve our ability to deliver reliable and secure services

Within 12 months, you'll make this role your own by:

  • Becoming a go-to expert and security representative within Sprout
  • Helping define and build the security roadmap for future work
  • Working and effectively communicating with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration
  • Owning cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership
  • Contributing to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees
  • Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven't considered yet

Of course, what is outlined above is the ideal timeline, but things may shift based on business needs, and other projects and tasks could be added at the discretion of your manager.

Our Benefits Program

We're proud to regularly be recognized for our team, product, and culture. Our benefits program includes:

  • Insurance and benefit options that are built for both individuals and families
  • Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
  • High-quality and well-maintained equipment: your computer will never prevent you from doing your best
  • Wellness initiatives to ensure both health and mental well-being of our team
  • Ongoing education and development opportunities via our program and employee-led diversity, equity, and inclusion initiatives.
  • Growing corporate social responsibility program that is driven by the involvement and passion of our team members
  • Beautiful, convenient, and state-of-the-art offices in Chicago's Loop and downtown Seattle for those who prefer an office setting

Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. Sprout maintains a remote workforce in many places in the United States. However, we are not set up in all states, so please look at the drop-down box in our application to see whether your state is listed. Few roles require an office setting. If your position requires a physical presence in a Sprout office, it will be evident in the job listing and your offer letter.

Individual base pay is based on various factors, including work location, relevant experience and skills, the responsibility of the role, and job duties/requirements. In the United States, we have two geographic pay zones. For this role, our current base pay ranges for new hires are:

  • Zone 1 (New York, California, Washington): $160,776 (min), $201,000 (mid), $241,164 (max) USD annually
  • Zone 2 (All other US states): $146,200 (min), $182,700 (mid), $219,200 (max) USD annually

The listed ranges represent the full earning potential in this position. Starting salaries for well-qualified new hires are typically around the midpoint of the range. These ranges were determined by a market-based compensation approach; we used data from trusted third-party compensation sources to set equitable, consistent, and competitive ranges. We also evaluate compensation bi-annually, identify any changes in the market, and make adjustments to our ranges and existing employee compensation as needed.

Base pay is only one element of an employee's total compensation at Sprout. Every Sprout team member has an opportunity to receive restricted stock units (RSUs) under Sprout's equity plan. Employees (and their dependents) are covered by medical, dental, vision, basic life, accidental death and dismemberment insurance, and Modern Health (a wellness benefit). Employees are able to enroll in Sprout's company's 401k plan, in which Sprout will match 50% of your contributions up to 6% with a maximum contribution. Sprout offers Flexible Paid Time Off and ten paid holidays. We have outlined the various components to an employee's full compensation package here to help you to understand our total rewards package.

Sprout Social is proud to be an Equal Opportunity Employer. We do not discriminate based on identity: race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, state, or local law. Because Sprout Social is a federal contractor, we affirmatively recruit individuals with a disability and protected veterans. Learn more about our commitment to diversity, equity, and inclusion in our latest DEI Report.

If you require a reasonable accommodation for any part of the interview process or to submit your application, please email us at Include the nature of your request and your preferred contact information. We'll do everything we can to support your success during our recruitment process while upholding your privacy. Please note that only inquiries regarding accommodations will receive a response from this email address; other inquiries will not be addressed (e.g., you send your resume but are not requesting an accommodation).

For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster and (2) Sprout Social's Affirmative Action Statement.

Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law.

#LI-REMOTE


Required Experience:

Senior IC

Employment Type

Full Time
