Security Engineer

Job Description

Sprout Social is looking for an experienced security engineer to join the team that is responsible for the security posture of our entire organization, including our development, production environments, and internal concerns. As a software company, security is incredibly important to us. Our software is used by more than 20,000 brands around the world. Companies like Dropbox, Zendesk, Fender, Zipcar and Evernote rely on Sprout to create stronger relationships with their customers through social media. Our security team is responsible for ensuring that we are designing platforms, implementing tools and building products with security in mind.

We’re looking for someone who knows more than how to run a commercial application scanning tool: we expect you to know the internals of how web applications and distributed systems work and be able to collaborate with engineers and IT staff to increase the monitoring, reporting and mitigation capabilities of our Security Operations team. You will help establish a risk based pipeline, manage and own cross-organizational projects and work to continuously improve our security posture. As a cloud native company, you'll be involved in securing our cloud environments and working with SaaS-based tooling. You'll also be executing on our compliance efforts, including audit and reporting requirements: GDPR and SOC2.

As we build the team, we are looking for someone that enjoys refining and introducing new processes and frameworks. So, if you are fluent in risk identification and mitigation and stay up to date on the latest security threats and trends in our industry, we’d love to talk with you.

Within 1 month, you will:

• Complete Sprout’s New Hire training program alongside other new Sprout team members.
• Be introduced to Sprout’s security stakeholders across the organization.
• Learn our existing tooling and begin monitoring the status of our environments.
• Collaborate regularly with members of our infrastructure and development teams and get up to speed on our current and future initiatives.
• Begin to decompose larger security projects into small, more manageable deliverables.
• Get regular team feedback on your approach to managing and engaging our existing risks and security capabilities.

Within 3 months, you will:

• Work with your manager and teammates to create and prioritize quarterly team goals.
• Begin to take ownership of our bug bounty program and improve our engagement with the larger security community.
• Review, refine and assign alerts triggered from our IDS and other monitoring platforms.
• Participate in our SOC2 gap analysis and overall compliance efforts.
• Build connections with members from other teams through active networking and community building.

Within 6 months, you will:

• Coordinate and work with external vendors to conduct regular application-level and infrastructure-level penetration tests.
• Identify security gaps within our systems, present plans to mitigate risks, and work with teams get them prioritized within their workstreams.
• Generate and improve upon internal and external security policies and standards.
• Drive internal security awareness training and phishing tests.
• Regularly report on overall security health and recommendations to our technical leadership team.
• Partner with the Infrastructure team to continuously improve our ability to deliver reliable and secure services.

Within 12 months, you will:

• Be a go-to expert and security representative within Sprout.
• Help define and build the security roadmap for future work.
• Work and effectively communicate with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration with our GRC framework.
• Own cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership.
• Have opportunities to contribute to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees.
• Have opportunities to advocate for Sprout in the larger security community by participating/speaking at conferences, user groups, etc.
• Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t even considered yet.

About Sprout Social
Sprout Social is proud to be an Equal Opportunity Employer and an Affirmative Action Employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, marital status, order of protection status, citizenship status, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. If you need a reasonable accommodation for any part of the employment process, please contact us by email at [email protected] and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster (2) Sprout Social's Affirmative Action Statement (3) Pay Transparency Statement.

When you apply for employment with Sprout Social, we will process your job applicant data, including your employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions. For more information about our privacy practices please visit our Privacy Policy. California residents have additional rights and should review the Additional Disclosures for California Residents section in our Privacy Policy.

Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law. We value the things that make us different and want to see how you can make our team better!