Senior Application Security Engineer

Referrals.com
💵 $146k-$241k
📍Remote - United States
Summary
Join Sprout Social's Security team as a Senior Application Security Engineer and contribute to building secure software from the ground up. Implement and integrate SAST, DAST, and SCA tooling into CI/CD pipelines. Collaborate with developers, providing security expertise and guidance. Influence stakeholders to address security deficiencies. Harden and monitor cloud-hosted platforms. Manage risk-based projects to enhance the overall security posture. Integrate with the vulnerability management program to ensure issue tracking and remediation. This role offers opportunities for professional growth and impact within a dynamic team.
Requirements
- 3+ years of programming and/or DevOps experience and 3+ years of information security experience
- Experience performing security testing of an application using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Open Source Analysis (SCA) tooling
- Experience in reviewing findings from the above tools to analyze false positives and recommend security fixes
- Demonstrated comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects
Responsibilities
- Implement SAST, DAST and SCA tooling as part of security hygiene and integrate it into CI/CD pipelines
- Ensure that we are designing platforms, implementing tools and building products with security in mind
- Serve as trusted advisor and collaborator to developers to identify new threats, attack methods, and techniques, to develop and prioritize mitigation plans (threat modeling & governance)
- Influence stakeholders to correct security deficiencies in solution design as well as developed code
- Collaborate with partners in infrastructure and engineering to measurably harden, monitor, and ensure resilience for our cloud-hosted platforms and software development lifecycle
- Establish, manage, and own risk-based cross-organizational projects and work to continuously improve our security posture
- Integrate with a maturing vulnerability management program to ensure tracking and remediation of security issues
Preferred Qualifications
- Information security qualification such as CISSP
- GIAC or similar certifications related to application pen testing or secure development
- Experience with threat modeling and familiarity with using frameworks to guide decision making based on risk tolerance and business objectives
- Experience with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, GitHub, etc.
- Experience automating security testing into CI/CD pipelines
Benefits
- Insurance and benefit options that are built for both individuals and families
- Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
- High-quality and well-maintained equipment—your computer will never prevent you from doing your best
- Wellness initiatives to ensure both health and mental well-being of our team
- Ongoing education and development opportunities via our Grow@Sprout program and employee-led diversity, equity, and inclusion initiatives
- Growing corporate social responsibility program that is driven by the involvement and passion of our team members
- Beautiful, convenient, and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting
- Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. Sprout maintains a remote workforce in many places in the United States. However, we are not set up in all states, so please look at the drop-down box in our application to see whether your state is listed. Few roles require an office setting. If your position requires a physical presence in a Sprout office, it will be evident in the job listing and your offer letter
- Employees (and their dependents) are covered by medical, dental, vision, basic life, accidental death, and dismemberment insurance, and Modern Health (a wellness benefit)
- Employees are able to enroll in Sprout’s company 401k plan, in which Sprout will match 50% of your contributions up to 6% with a maximum contribution
- Sprout offers “Flexible Paid Time Off” and ten paid holidays