Senior Application Security Engineer

Description

Sprout Social is looking to hire a Senior Application Security Engineer to the Security team.

Why join Sprout’s IT team?

Sprout’s Corporate IT team is a combination of adjacent squads working on projects under one umbrella. This unique structure is an exciting opportunity to grow your career in technology with exposure to projects all across our discipline—something you don’t see often in other organizations. It allows us to move quickly and collaborate with minimal friction or red tape. As a part of this team, you’re also given the space and encouraged to stretch beyond your core function, and make a deeper impact on the broader organization. In short, the work you do here matters, and you feel that day in and day out. 

What you’ll do

• Ensure that we are designing platforms, implementing tools and building products with security in mind. 
• Serve as trusted advisor and collaborator to developers, providing guidance on security best practices and helping them to understand the importance of security in the software development process.
• Leverage your knowledge of distributed systems to work and collaborate with engineers and IT staff to increase the protective, monitoring, reporting and mitigation capabilities of the Security team. 
• Establish, manage, and own risk based cross-organizational projects and work to continuously improve our security posture

What you’ll bring

We’re looking for an engineer with passion for working collaboratively with developers and a desire to ensure that software applications are built with the highest level of security. If you're ready to join a dynamic team of developers and security experts, and help create software that is secure from the ground up, we’d love to talk with you!

Qualifications

The minimum qualifications for this role include:

• 3+ years of programming and/or DevOps experience and 3+ years of information security experience
• Experience with Java, Python, JavaScript, PHP, HCL (Terraform) or Go
• Familiarity with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, Github, etc
• Experience with manual and automated software testing, fuzzing, static/dynamic code analysis, and manual code reviews

Preferred qualifications for this role include:

• Information security qualification such as CISSP 
• Experience with threat modeling and familiar with using frameworks to guide decision making based on risk tolerance and business objectives

How you’ll grow

Within 1 month, you’ll plant your roots, including:

• Experiencing Sprout’s in-depth onboarding, covering everything from our company mission and values, hearing directly from executives and founders, to deep training on our products and the value that Sprout delivers to our customers
• Making a plan with your manager to set initial priorities, align on expectations for your role, plant goalposts for your career, and learn about Sprout’s approach to security
• Meeting Sprout’s security stakeholders across the organization
• Learning our existing tooling and begin monitoring the status of our environments
• Collaborating regularly with teammates and  members of our infrastructure and development teams and get up to speed on our current and future initiatives
• Getting regular feedback on your approach to managing and engaging our existing risks and security capabilities
  

Within 3 months, you’ll start hitting your stride by:

• Working with your manager and teammates to create and prioritize quarterly team goals
• Deconstructing larger security projects into smaller, more manageable deliverables
• Starting to understand the breadth and depth of technologies and tools under the team’s purview
• Reviewing, refining and triaging alerts triggered from our IDS, vulnerability management tools,and other monitoring platforms
• Participating in Security on-call rotation
• Building connections with members from other teams through active networking and community building to help foster a security-first culture

Within 6 months, you’ll be making a clear impact through:

• Improving the security tooling and telemetry used at Sprout
• Identifying security gaps within our systems, present plans to mitigate risks, and work with teams to get them prioritized within their workstreams
• Regularly evaluating and reporting security health around our SDLC and providing recommendations
• Having your first performance conversation with your manager, where you’ll discuss your accomplishments in your role and work together to build goals for your professional growth
• Partnering with engineering, IT and other teams to continuously improve our ability to deliver reliable and secure services

Within 12 months, you’ll make this role your own by:

• Becoming a go-to expert and security representative within Sprout
• Helping define and build the security roadmap for future work
• Working and effectively communicating with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration
• Owning cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership
• Contributing to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees
• Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t considered yet

Of course what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager

Our Benefits Program

We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:

• Insurance and benefit options that are built for both individuals and families
• Progressive policies to support work/life balance, like our flexible paid time off and parental leave program 
• High-quality and well-maintained equipment—your computer will never prevent you from doing your best
• Wellness initiatives to ensure both health and mental well-being of our team
• Ongoing education and development opportunities via our Grow@Sprout program and  employee-led diversity, equity and inclusion initiatives.
• Growing corporate social responsibility program that is driven by the involvement and passion of our team members
• Beautiful, convenient and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting

Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. Sprout maintains a remote workforce in many places in the United States. However, we are not set up in all states, so please look at the drop-down box in our application to see whether your state is listed. Few roles require an office setting. If your position requires a physical presence in a Sprout office, it will be evident in the job listing and your offer letter.

The base pay range for this role is $120,000.00 - $180,000.00 USD annually. Individual base pay is based on various factors, including relevant experience and skills, the responsibility of the role, and job duties/requirements. In addition to base pay, some Sales and Success roles can earn sales incentives. 

Sprout’s compensation ranges are intentionally broad to allow for our team members' growth within their role. These ranges were determined by a market-based compensation approach; we used data from trusted third-party compensation sources to set equitable, consistent and competitive ranges. We also evaluate compensation bi-annually, identify any changes in the market and make adjustments to our ranges and existing employee compensation as needed.

Base pay is only one element of an employee's total compensation at Sprout. Every Sprout team member has an opportunity to receive restricted stock units (RSUs) under Sprout’s equity plan. Employees (and their dependents) are covered by medical, dental, vision, basic life, accidental death, and dismemberment insurance, and Modern Health (a wellness benefit).  Employees are able to enroll in Sprout’s company’s 401k plan, in which Sprout will match 50% of your contributions up to 6% with a maximum contribution. Sprout offers “Flexible Paid Time Off” and ten paid holidays. We have outlined the various components to an employee’s full compensation package here to help you to understand our total rewards package.

Sprout Social is proud to be an Equal Opportunity Employer and an Affirmative Action Employer. We do not discriminate based on identity- race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, state, or local law. Learn more about our commitment to diversity, equity and inclusion in our latest DEI Report.

If you need a reasonable accommodation for any part of the employment process, please contact us by email at accommodations@sproutsocial.com and let us know the nature of your request and your contact information. We'll do all we can to ensure you're set up for success during our interview process while upholding your privacy, including requests for accommodation. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster  (2) Sprout Social's Affirmative Action Statement (3) Pay Transparency Statement. 

When you apply for employment with Sprout Social, we will process your job applicant data, including your employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions. Your personal data will be shared with Greenhouse Software, Inc., and Crosschq, Inc., cloud services providers located in the United States of America and engaged by Sprout Social to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, by clicking “Submit Application” on this site, you consent to the transfer of your personal data to the United States. For more information about our privacy practices please visit our Privacy Policy. California residents have additional rights and should review the Additional Disclosures for California Residents section in our Privacy Policy.

Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law. 

#LI-REMOTE