Senior Application Security Engineer Position Available In Montgomery, Pennsylvania
Job Description
Security sits at the intersection of empowering teams to move quickly and mitigating risks to our overall business. We are enablers who strive to hone our unique craft and minimize friction or red tape. Our security team ensures that we are designing platforms, implementing tools and building products with security in mind. This team owns the security posture of our entire organization, including our development, production environments, and internal concerns. As a part of this team, you are given the space and encouraged to stretch beyond your core function and make a deeper impact on the broader organization. In short, the work you do here matters, and you feel that day in and day out.
What you’ll do
- Implement SAST, DAST and SCA tooling as part of security hygiene and integrated into CI/CD pipelines
- Ensure that we are designing platforms, implementing tools and building products with security in mind.
- Serve as trusted advisor and collaborator to developers to identify new threats, attack methods, and techniques, to develop and prioritize mitigation plans (threat modeling & governance)
- Influence stakeholders to correct security deficiencies in solution design as well as developed code
- Collaborate with partners in infrastructure and engineering to measurably harden, monitor, and ensure resilience for our cloud-hosted platforms and software development lifecycle.
- Establish, manage, and own risk-based cross-organizational projects and work to continuously improve our security posture
- Integrate with a maturing vulnerability management program to ensure tracking and remediation of security issues.
What you’ll bring
We’re looking for an engineer with passion for working collaboratively with developers and a desire to ensure that software applications are built with the highest level of security. If you’re ready to join a dynamic team of developers and security experts, and help create software that is secure from the ground up, we’d love to talk with you!
Qualifications
The minimum qualifications for this role include:
- 3 years of programming and/or DevOps experience and 3 years of information security experience
- Experience performing security testing of an application using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Open Source Analysis (SCA) tooling.
- Experience in reviewing findings from the above tools to analyze false positives and recommend security fixes.
- Demonstrated comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects.
Preferred qualifications for this role include:
- Information security qualification such as CISSP
- GIAC or related certifications related to application pen testing or secure development
- Experience with threat modeling and familiar with using frameworks to guide decision making based on risk tolerance and business objectives
- Experience with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, GitHub, etc.
- Experience automating security testing into CI/CD pipelines
How you’ll grow
Within 1 month, you’ll plant your roots, including:
- Experiencing Sprout’s in-depth onboarding, covering everything from our company mission and values, hearing directly from executives and founders, to deep training on our products and the value that Sprout delivers to our customers
- Making a plan with your manager to set initial priorities, align on expectations for your role, plant goalposts for your career, and learn about Sprout’s approach to security
- Meeting Sprout’s security stakeholders across the organization
- Learning our existing tooling and beginning to monitor the status of our environments
- Collaborating regularly with teammates and members of our infrastructure and development teams and getting up to speed on our current and future initiatives
- Getting regular feedback on your approach to managing and engaging our existing risks and security capabilities
Within 3 months, you’ll start hitting your stride by:
- Working with your manager and teammates to create and prioritize quarterly team goals
- Deconstructing larger security projects into smaller, more manageable deliverables
- Starting to understand the breadth and depth of technologies and tools under the team’s purview
- Reviewing, refining and triaging alerts triggered from our IDS, vulnerability management tools, and other monitoring platforms
- Participating in Security on-call rotation
- Building connections with members from other teams through active networking and community building to help foster a security-first culture
Within 6 months, you’ll be making a clear impact through:
- Improving the security tooling and telemetry used at Sprout
- Identifying security gaps within our systems, presenting plans to mitigate risks, and working with teams to get them prioritized within their workstreams
- Regularly evaluating and reporting security health around our SDLC and providing recommendations
- Having your first performance conversation with your manager, where you’ll discuss your accomplishments in your role and work together to build goals for your professional growth
- Partnering with engineering, IT and other teams to continuously improve our ability to deliver reliable and secure services
Within 12 months, you’ll make this role your own by:
- Becoming a go-to expert and security representative within Sprout
- Helping define and build the security roadmap for future work
- Working and effectively communicating with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration
- Owning cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership
- Contributing to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees
- Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t considered yet
Of course, what is outlined above is the ideal timeline, but things may shift based on business needs, and other projects and tasks could be added at the discretion of your manager.
Our Benefits Program
We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:
- Insurance and benefit options that are built for both individuals and families
- Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
- High-quality and well-maintained equipment—your computer will never prevent you from doing your best
- Wellness initiatives to ensure both health and mental well-being of our team
- Ongoing education and development opportunities via our Grow@Sprout program and employee-led diversity, equity, and inclusion initiatives.
- Growing corporate social responsibility program that is driven by the involvement and passion of our team members
- Beautiful, convenient, and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting