Senior Application Security Engineer

Job description

Description

Sprout Social is looking to hire a Senior Application Security Engineer to the Security team.

Why join Sprout’s Security team?

Security sits at the intersection of empowering teams to move quickly and mitigating risks to our overall business. We are enablers who strive to hone our unique craft and minimize friction or red tape. Our security team ensures that we are designing platforms, implementing tools and building products with security in mind. This team owns the security posture of our entire organization, including our development, production environments, and internal concerns. As a part of this team, you are given the space and encouraged to stretch beyond your core function and make a deeper impact on the broader organization.  In short, the work you do here matters, and you feel that day in and day out.

What you’ll do

• Implement SAST, DAST and SCA tooling as part of security hygiene and integrated into CI/CD pipelines
• Ensure that we are designing platforms, implementing tools and building products with security in mind.
• Serve as trusted advisor and collaborator to developers to identify new threats, attack methods, and techniques, to develop and prioritize mitigation plans (threat modeling & governance)
• Influence stakeholders to correct security deficiencies in solution design as well as developed code
• Collaborate with partners in infrastructure and engineering to measurably harden, monitor, and ensure resilience for our cloud-hosted platforms and software development lifecycle.
• Establish, manage, and own risk based cross-organizational projects and work to continuously improve our security posture
• Integrate with a maturing vulnerability management program to ensure tracking and remediation of security issues.

What you’ll bring

We’re looking for an engineer with passion for working collaboratively with developers and a desire to ensure that software applications are built with the highest level of security. If you’re ready to join a dynamic team of developers and security experts, and help create software that is secure from the ground up, we’d love to talk with you!

Qualifications

The minimum qualifications for this role include:

• 3+ years of programming and/or DevOps experience and 3+ years of information security experience
• Experience performing security testing of an application using Static Application Security testing (SAST), Dynamic Application Security Testing (DAST) and Open Source Analysis (SCA) tooling.
• Experience in reviewing findings from the above tools to analyze false positives and recommend security fixes.
• Demonstrated comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects.

Preferred qualifications for this role include:

• Information security qualification such as CISSP
• GIAC or related certifications related to application pen testing or secure development
• Experience with threat modeling and familiar with using frameworks to guide decision making based on risk tolerance and business objectives
• Experience with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, Github, etc
• Experience automating security testing into CI/CD pipelines

How you’ll grow

Within 1 month, you’ll plant your roots, including:

• Experiencing Sprout’s in-depth onboarding, covering everything from our company mission and values, hearing directly from executives and founders, to deep training on our products and the value that Sprout delivers to our customers
• Making a plan with your manager to set initial priorities, align on expectations for your role, plant goalposts for your career, and learn about Sprout’s approach to security
• Meeting Sprout’s security stakeholders across the organization
• Learning our existing tooling and begin monitoring the status of our environments
• Collaborating regularly with teammates and  members of our infrastructure and development teams and get up to speed on our current and future initiatives
• Getting regular feedback on your approach to managing and engaging our existing risks and security capabilities

Within 3 months, you’ll start hitting your stride by:

• Working with your manager and teammates to create and prioritize quarterly team goals
• Deconstructing larger security projects into smaller, more manageable deliverables
• Starting to understand the breadth and depth of technologies and tools under the team’s purview
• Reviewing, refining and triaging alerts triggered from our IDS, vulnerability management tools,and other monitoring platforms
• Participating in Security on-call rotation
• Building connections with members from other teams through active networking and community building to help foster a security-first culture

Within 6 months, you’ll be making a clear impact through:

• Improving the security tooling and telemetry used at Sprout
• Identifying security gaps within our systems, present plans to mitigate risks, and work with teams to get them prioritized within their workstreams
• Regularly evaluating and reporting security health around our SDLC and providing recommendations
• Having your first performance conversation with your manager, where you’ll discuss your accomplishments in your role and work together to build goals for your professional growth
• Partnering with engineering, IT and other teams to continuously improve our ability to deliver reliable and secure services

Within 12 months, you’ll make this role your own by:

• Becoming a go-to expert and security representative within Sprout
• Helping define and build the security roadmap for future work
• Working and effectively communicating with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration
• Owning cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership
• Contributing to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees
• Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t considered yet

Of course what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.

Our Benefits Program

We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:

• Insurance and benefit options that are built for both individuals and families
• Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
• High-quality and well-maintained equipment—your computer will never prevent you from doing your best
• Wellness initiatives to ensure both health and mental well-being of our team
• Ongoing education and development opportunities via our Grow@Sprout program and employee-led diversity, equity, and inclusion initiatives.
• Growing corporate social responsibility program that is driven by the involvement and passion of our team members
• Beautiful, convenient, and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting

Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. Sprout maintains a remote workforce in many places in the United States. However, we are not set up in all states, so please look at the drop-down box in our application to see whether your state is listed. Few roles require an office setting. If your position requires a physical presence in a Sprout office, it will be evident in the job listing and your offer letter.

Individual base pay is based on various factors, including work location, relevant experience and skills, the responsibility of the role, and job duties/requirements. In the United States, we have two geographic pay zones. For this role, our current base pay ranges for new hires are:

• Zone 1 (New York, California, Washington): $160,776 (min), $201,000 (mid), $ 241,164 (max) USD annually
• Zone 2 (All other US states): $146,200 (min), $182,700 (mid), $219,200 (max) USD annually

The listed ranges represent the full earning potential in this position. Starting salaries for well-qualified new hires are typically around the midpoint of the range. These ranges were determined by a market-based compensation approach; we used data from trusted third-party compensation sources to set equitable, consistent, and competitive ranges. We also evaluate compensation bi-annually, identify any changes in the market and make adjustments to our ranges and existing employee compensation as needed.

Base pay is only one element of an employee’s total compensation at Sprout. Every Sprout team member has an opportunity to receive restricted stock units (RSUs) under Sprout’s equity plan. Employees (and their dependents) are covered by medical, dental, vision, basic life, accidental death, and dismemberment insurance, and Modern Health (a wellness benefit).  Employees are able to enroll in Sprout’s company’s 401k plan, in which Sprout will match 50% of your contributions up to 6% with a maximum contribution. Sprout offers “Flexible Paid Time Off” and ten paid holidays. We have outlined the various components to an employee’s full compensation package here to help you to understand our total rewards package.

Sprout Social is proud to be an Equal Opportunity Employer. We do not discriminate based on identity - race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, state, or local law. Because Sprout Social is a federal contractor, we affirmatively recruit individuals with a disability and protected veterans. Learn more about our commitment to diversity, equity and inclusion in our latest DEI Report.

If you require a reasonable accommodation for any part of the interview process or to submit your application, please email us at [email protected]. Include the nature of your request and your preferred contact information. We’ll do everything we can to support your success during our recruitment process while upholding your privacy. Please note that only inquiries regarding accommodations will receive a response from this email address; other inquiries will not be addressed (e.g., you send your resume but are not requesting an accommodation).

For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster and (2) Sprout Social’s Affirmative Action Statement.

When you apply for employment with Sprout Social, we will process your job applicant data, including your employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions. Your personal data will be shared with Greenhouse Software, Inc., and Crosschq, Inc., cloud services providers located in the United States of America and engaged by Sprout Social to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, by clicking “Submit Application” on this site, you consent to the transfer of your personal data to the United States. For more information about our privacy practices please visit our Privacy Policy. California residents have additional rights and should review the Additional Disclosures for California Residents section in our Privacy Policy.

Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law.

#LI-REMOTE