Application Security Engineer
Sprout Social is looking for an experienced AppSec engineer to join the team that is responsible for the security posture of our entire organization, including our development, production environments, and internal concerns. As a software company, security is incredibly important to us. Our software is used by more than 20,000 brands around the world. Companies like Evernote, Grubhub, Subaru and Edelman rely on Sprout to create stronger relationships with their customers through social media. Our security team is responsible for ensuring that we are designing platforms, implementing tools and building products with security in mind.
We’re looking for someone who knows more than how to run a commercial application scanning tool: we expect you to know the internals of how web applications and distributed systems work and be able to collaborate with engineers and Security Operations staff to increase the monitoring, reporting and mitigation capabilities of our Security team. You will work closely with our development teams to establish and define application security best practices, perform software architecture and design reviews to elevate the security resilience of our code base. As a cloud-native company, you'll be involved in securing our cloud environments and working with and within SaaS-based tooling.
If you are fluent in risk identification and mitigation and stay up to date on the latest security threats and trends in our industry, we’d love to talk with you!
Within 1 month, you will:
- Complete Sprout’s New Hire training program alongside other new Sprout team members.
- Be introduced to Sprout’s security stakeholders across the organization.
- Learn our existing tooling and begin monitoring the status of our environments.
- Collaborate regularly with members of our infrastructure and development teams and get up to speed on our current and future initiatives.
- Begin to decompose larger security projects into smaller, more manageable deliverables.
- Get regular team feedback on your approach to managing and engaging our existing risks and security capabilities.
Within 3 months, you will:
- Work with your manager and teammates to create and prioritize quarterly team goals.
- Begin to improve our engagement with the larger engineering organization.
- Review, refine and assign alerts triggered by our IDS and other monitoring platforms.
- Build connections with members from other teams through active networking and community building.
Within 6 months, you will:
- Identify security gaps within our processes, present plans to mitigate risks, and work with teams to get them prioritized.
- Generate and improve internal and external security policies and standards.
- Drive internal security and best practice training for our engineers.
- Regularly report on overall security health and recommendations to our technical leadership team.
- Partner with the engineering teams to continuously improve our ability to deliver reliable and secure services.
Within 12 months, you will:
- Be a go-to expert and security representative within Sprout.
- Help define and build the security roadmap for future work.
- Work and effectively communicate with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration with our GRC framework.
- Own cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership.
- Have opportunities to contribute to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees.
- Have opportunities to advocate for Sprout in the larger security community by participating/speaking at conferences, user groups, etc.
- Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t even considered yet.
Of course, what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.
About Sprout Social
Sprout Social powers open communication between individuals, brands and communities through elegant, sophisticated software. We are relentless about solving hard problems for our customers and committed to both customer and team success.
Team Sprout is a group of very talented, smart and passionate people with broad interests and backgrounds. We believe that true employee engagement cannot happen if you can’t bring your whole self to work, so we’re committed to building a diverse team, embracing an inclusive culture and investing in equity across our organization. That dedication is core to Sprout. We want all candidates, particularly those coming from traditionally underrepresented groups in the technology industry, to know they are welcome at Sprout.
We’re proud to regularly be recognized for software, product and company culture achievements. Our team’s shared belief in Sprout’s mission promotes a culture of openness, empowerment and fun. We have built a benefits program to match the strength of our team. This program includes:
- Insurance and benefit options that are built for both individuals and families, including generous company contributions
- Progressive benefit programs, like our parental leave program and free Divvy bike memberships
- High-quality and well-maintained equipment - your computer will never prevent you from doing your best
- Beautiful, convenient and state-of-the-art offices in Chicago’s Loop
- Solid programs in some of the staples: transportation, disability and life insurance
- Wellness initiatives to ensure both health and financial well-being of our team
- Breakfast and lunch options onsite, and more healthy snack options and beverages than you can imagine
- Growing corporate social responsibility program that is driven by the involvement and passion of our team members