Sprout Social is looking for an experienced AppSec engineer to join the team that is responsible for the security posture of our entire organization, including our development, production environments, and internal concerns. As a software company, security is incredibly important to us. Our software is used by more than 25,000 brands around the world. Companies like Tuft & Needle, Havas, Make-a-Wish Foundation, Indiana University, and the Chicago Bulls rely on Sprout to create stronger relationships with their customers through social media. Our security team is responsible for ensuring that we are designing platforms, implementing tools and building products with security in mind.
We’re looking for someone who knows more than how to run a commercial application scanning tool: we expect you to know the internals of how web applications and distributed systems work and be able to collaborate with engineers and Security Operations staff to increase the monitoring, reporting and mitigation capabilities of our Security team. You will work closely with our development teams to establish and define application security best practices, perform software architecture and design reviews to elevate the security resilience of our code base. As a cloud-native company, you'll be involved in securing our cloud environments and working with and within SaaS-based tooling.
If you are fluent in risk identification and mitigation and stay up to date on the latest security threats and trends in our industry, we’d love to talk with you!
These are the minimum qualifications that our hiring team is looking for in this role:
- 2+ years developing and supporting software
- Experience with secure coding principles and best practices for web applications
- Experience with manual and automated software testing, fuzzing, static/dynamic code analysis, and manual code reviews
- Experience with threat modeling and using frameworks to guide decision making based on risk tolerance and business objectives
Within 1 month, you will:
- Complete Sprout’s New Hire training program alongside other new Sprout team members.
- Be introduced to Sprout’s security stakeholders across the organization.
- Learn our existing tooling and begin monitoring the status of our environments.
- Collaborate regularly with members of our infrastructure and development teams and get up to speed on our current and future initiatives.
- Begin to decompose larger security projects into smaller, more manageable deliverables.
- Get regular team feedback on your approach to managing and engaging our existing risks and security capabilities.
Within 3 months, you will:
- Work with your manager and teammates to create and prioritize quarterly team goals.
- Begin to improve our engagement with the larger engineering organization.
- Review, refine and assign alerts triggered by our IDS and other monitoring platforms.
- Build connections with members from other teams through active networking and community building.
Within 6 months, you will:
- Identify security gaps within our processes, present plans to mitigate risks, and work with teams to get them prioritized.
- Generate and improve internal and external security policies and standards.
- Drive internal security and best practice training for our engineers.
- Regularly report on overall security health and recommendations to our technical leadership team.
- Partner with the engineering teams to continuously improve our ability to deliver reliable and secure services.
Within 12 months, you will:
- Be a go-to expert and security representative within Sprout.
- Help define and build the security roadmap for future work.
- Work and effectively communicate with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration with our GRC framework.
- Own cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership.
- Have opportunities to contribute to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees.
- Have opportunities to advocate for Sprout in the larger security community by participating/speaking at conferences, user groups, etc.
- Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t even considered yet.
Of course, what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.
About Sprout Social
Sprout Social powers open communication between individuals, brands and communities through elegant, sophisticated software. We are relentless about solving hard problems for our customers and committed to both customer and team success. Our team’s shared belief in Sprout’s mission promotes a culture of openness, empowerment and fun.
We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:
- Insurance and benefit options that are built for both individuals and families
- Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
- High-quality and well-maintained equipment—your computer will never prevent you from doing your best
- Wellness initiatives to ensure both health and mental well-being of our team
- Ongoing education and development opportunities via our [email protected] program, employee-led diversity, equity and inclusion initiatives and mentorship programs for aspiring leaders
- Growing corporate social responsibility program that is driven by the involvement and passion of our team members
- Beautiful, convenient and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting
Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. For those that prefer an office setting, this role may be based in our Chicago or Seattle locations. If you prefer to work from your home, we can accommodate that for many locations across the United States. We are not set up in all states, however, so please take a look at the drop down box in our application to see whether your state is listed.
Sprout Social is proud to be an Equal Opportunity Employer and an Affirmative Action Employer. We do not discriminate based on identity- race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, state, or local law. Learn more about our commitment to diversity, equity and inclusion in our 2020 DEI Report.
If you need a reasonable accommodation for any part of the employment process, please contact us by email at [email protected] and let us know the nature of your request and your contact information. We'll do all we can to ensure you're set up for success during our interview process while upholding your privacy, including requests for accommodation. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.
For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster (2) Sprout Social's Affirmative Action Statement (3) Pay Transparency Statement.
Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law.