Description
Sprout Social is looking to hire an Application Security Engineer to the IT team.
Why join Sprout’s IT team?
Sprout’s Corporate IT team is a combination of adjacent squads working on projects under one umbrella. This unique structure is an exciting opportunity to grow your career in technology with exposure to projects all across our discipline—something you don’t see often in other organizations. It allows us to move quickly and collaborate with minimal friction or red tape. As a part of this team, you’re also given the space and encouraged to stretch beyond your core function, and make a deeper impact on the broader organization. In short, the work you do here matters, and you feel that day in and day out.
What you’ll do
- Conduct automated and manual testing of our web applications, micro-services, APIs, infrastructure, and other properties to identify vulnerabilities
- Work with engineering teams to complete targeted reviews of new features at key points of the software development lifecycle
- Work with development teams to transparently build security checks into the CI/CD pipeline
- Oversee our bug bounty program. Set scope, triage submissions, coordinate escalations to engineering teams, and reward bounties. Cultivate relationships with the ethical hacker community.
- Identify metrics that can help measure effectiveness of controls, gaps in coverage, need for head count, and trends in findings.
- Effectively communicate with others in the organization about open security risks, contributing factors to and prioritization of those risks to collaboratively develop new security standards and reference architectures
- Participate in a security on-call schedule and help support operational work related to your focus area
- Establish yourself as a technical expert and foster a security-first culture through education, skill development, and implementation of effective processes and practices
What you’ll bring
These are the minimum qualifications that our hiring team is looking for in this role:
- 3+ years of experience performing security assessments for a variety of systems, applications, APIs, and proprietary technology to secure cloud-based and containerized environments
- Advanced knowledge and understanding in various disciplines: web application security, mobile app security, network security, operating system internals and hardening, applied cryptography, cloud computing. (You're expected to be an expert in at least one of these areas.)
- Experience writing and maintaining code in at least one common programming language such as Python, Go, Javascript, etc and a desire to continue learning
- Experience with manual and automated software testing, fuzzing, static/dynamic code analysis, and manual code reviews
Additionally, these are the preferred qualifications that would indicate a particularly strong candidate:
- Experience leading “shift left” efforts to transparently build security into the software development lifecycle and implement pragmatic defenses
- Familiarity with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, Github, etc
- Experience managing a vulnerability management program, performing documenting threat modeling processes, and an expert in determining the severity of a vulnerability to the business.
- Strong verbal and written communication, and the ability to tailor your message to audiences across and beyond the organization
- Have experience building security tools, scripts, and automation
- Have familiarity with AI/ML security risks such as data poisoning, model extraction, adversarial examples, etc. and mitigations
- Certifications such as GWAPT, eWPT/eWPTx, OSCP, OSWA, CISSP, or other relevant certifications are highly preferred.
How you’ll grow
Within 1 month, you will have:
- Experienced Sprout’s in-depth onboarding, covering everything from our company mission and values, hearing directly from executives and founders, to deep training on our products and the value that Sprout delivers to our customers
- Made a plan with your manager and colleagues to set initial priorities, align on expectations for your role, plant goalposts for your career, and learn about Sprout’s approach to security
- Learned our existing tooling and begin monitoring the status of our environments
- Begun collaborating regularly with teammates and get up to speed on our current and future initiatives
- Begun receiving feedback on your approach to managing and engaging our existing risks and security capabilities
Within 3 months, you will have:
- Have worked with teammates to create and prioritize team quarterly objectives and key results
- Begun deconstructing larger security projects into smaller, more manageable deliverables
- Started fully understanding the breadth and depth of technologies and tools under the team’s purview
- Evaluated and triage alerts triggered from our monitoring platforms
- Participate in Security on-call rotation
- Build connections with members from other teams through active networking and community building to help foster a security-first culture
Within 6 months, you will have:
- Measurably improved the security tooling and telemetry used at Sprout
- Examples of security gaps identified within our systems, plans documented to mitigate identified risks, and work prioritized within various team’s workstreams
- Improved upon internal and external security policies and standards
- Created standard reports on security health and recommendations based on KRI and other measurable metrics
- Completed your first semi-annual performance review with your manager, where you’ll discuss your accomplishments in your role and work together to build goals/objectives and personal key results for your professional growth
Within 12 months, you will have:
- Become a go-to expert and application security representative within Sprout
- Become a trusted partner in the creation of the security roadmap for future work
- Effectively communicated with partners across the organization to ensure big-picture alignment and encourage cross-team collaboration
- Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t considered yet
Of course, what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.
Our Benefits Program
We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:
- Insurance and benefit options that are built for both individuals and families
- Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
- High-quality and well-maintained equipment—your computer will never prevent you from doing your best
- Wellness initiatives to ensure both health and mental well-being of our team
- Ongoing education and development opportunities via our Grow@Sprout program and employee-led diversity, equity and inclusion initiatives.
- Growing corporate social responsibility program that is driven by the involvement and passion of our team members
- Beautiful, convenient and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting
Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. Sprout maintains a remote workforce in many places in the United States. However, we are not set up in all states, so please look at the drop-down box in our application to see whether your state is listed. Few roles require an office setting. If your position requires a physical presence in a Sprout office, it will be evident in the job listing and your offer letter.
The base pay range for this role is $120,000 - $140,000 USD annually. Individual base pay is based on various factors, including relevant experience and skills, the responsibility of the role, and job duties/requirements. In addition to base pay, some Sales and Success roles can earn sales incentives.
Sprout’s compensation ranges are intentionally broad to allow for our team members' growth within their role. These ranges were determined by a market-based compensation approach; we used data from trusted third-party compensation sources to set equitable, consistent and competitive ranges. We also evaluate compensation bi-annually, identify any changes in the market and make adjustments to our ranges and existing employee compensation as needed.
Base pay is only one element of an employee's total compensation at Sprout. Every Sprout team member has an opportunity to receive restricted stock units (RSUs) under Sprout’s equity plan. Employees (and their dependents) are covered by medical, dental, vision, basic life, accidental death, and dismemberment insurance, and Modern Health (a wellness benefit). Employees are able to enroll in Sprout’s company’s 401k plan, in which Sprout will match 50% of your contributions up to 6% with a maximum contribution. Sprout offers “Flexible Paid Time Off” and ten paid holidays. We have outlined the various components to an employee’s full compensation package here to help you to understand our total rewards package.
Sprout Social is proud to be an Equal Opportunity Employer and an Affirmative Action Employer. We do not discriminate based on identity- race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, state, or local law. Learn more about our commitment to diversity, equity and inclusion in our latest DEI Report.
If you need a reasonable accommodation for any part of the employment process, please contact us by email at accommodations@sproutsocial.com and let us know the nature of your request and your contact information. We'll do all we can to ensure you're set up for success during our interview process while upholding your privacy, including requests for accommodation. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.
For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster (2) Sprout Social's Affirmative Action Statement (3) Pay Transparency Statement.
When you apply for employment with Sprout Social, we will process your job applicant data, including your employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions. Your personal data will be shared with Greenhouse Software, Inc., and Crosschq, Inc., cloud services providers located in the United States of America and engaged by Sprout Social to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, by clicking “Submit Application” on this site, you consent to the transfer of your personal data to the United States. For more information about our privacy practices please visit our Privacy Policy. California residents have additional rights and should review the Additional Disclosures for California Residents section in our Privacy Policy.
Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law.
#LI-REMOTE