Senior Application Security Engineer
Location: San Diego
Posted on: June 23, 2025
Job Description:
Security sits at the intersection of empowering teams to move quickly and mitigating risks to our overall business. We are enablers who strive to hone our unique craft and minimize friction or red tape. Our security team ensures that we are designing platforms, implementing tools and building products with security in mind. This team owns the security posture of our entire organization, including our development, production environments, and internal concerns. As a part of this team, you are given the space and encouraged to stretch beyond your core function and make a deeper impact on the broader organization. In short, the work you do here matters, and you feel that day in and day out.

What you’ll do
• Implement SAST, DAST and SCA tooling as part of security hygiene and integrated into CI/CD pipelines
• Ensure that we are designing platforms, implementing tools and building products with security in mind.
• Serve as trusted advisor and collaborator to developers to identify new threats, attack methods, and techniques, to develop and prioritize mitigation plans (threat modeling & governance)
• Influence stakeholders to correct security deficiencies in solution design as well as developed code
• Collaborate with partners in infrastructure and engineering to measurably harden, monitor, and ensure resilience for our cloud-hosted platforms and software development lifecycle.
• Establish, manage, and own risk-based cross-organizational projects and work to continuously improve our security posture
• Integrate with a maturing vulnerability management program to ensure tracking and remediation of security issues.

What you’ll bring
We’re looking for an engineer with passion for working collaboratively with developers and a desire to ensure that software applications are built with the highest level of security. If you’re ready to join a dynamic team of developers and security experts, and help create software that is secure from the ground up, we’d love to talk with you!

Qualifications
The minimum qualifications for this role include:
• 3 years of programming and/or DevOps experience and 3 years of information security experience
• Experience performing security testing of an application using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Open Source Analysis (SCA) tooling.
• Experience in reviewing findings from the above tools to analyze false positives and recommend security fixes.
• Demonstrated comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects.

Preferred qualifications for this role include:
• Information security qualification such as CISSP
• GIAC or related certifications related to application pen testing or secure development
• Experience with threat modeling and familiar with using frameworks to guide decision making based on risk tolerance and business objectives
• Experience with technology/tools such as Kubernetes, Docker, Jenkins, Terraform, AWS, GitHub, etc.
• Experience automating security testing into CI/CD pipelines

How you’ll grow
Within 1 month, you’ll plant your roots, including:
• Experiencing Sprout’s in-depth onboarding, covering everything from our company mission and values, hearing directly from executives and founders, to deep training on our products and the value that Sprout delivers to our customers
• Making a plan with your manager to set initial priorities, align on expectations for your role, plant goalposts for your career, and learn about Sprout’s approach to security
• Meeting Sprout’s security stakeholders across the organization
• Learning our existing tooling and beginning to monitor the status of our environments
• Collaborating regularly with teammates and members of our infrastructure and development teams and getting up to speed on our current and future initiatives
• Getting regular feedback on your approach to managing and engaging our existing risks and security capabilities

Within 3 months, you’ll start hitting your stride by:
• Working with your manager and teammates to create and prioritize quarterly team goals
• Deconstructing larger security projects into smaller, more manageable deliverables
• Starting to understand the breadth and depth of technologies and tools under the team’s purview
• Reviewing, refining and triaging alerts triggered from our IDS, vulnerability management tools, and other monitoring platforms
• Participating in Security on-call rotation
• Building connections with members from other teams through active networking and community building to help foster a security-first culture

Within 6 months, you’ll be making a clear impact through:
• Improving the security tooling and telemetry used at Sprout
• Identifying security gaps within our systems, presenting plans to mitigate risks, and working with teams to get them prioritized within their workstreams
• Regularly evaluating and reporting security health around our SDLC and providing recommendations
• Having your first performance conversation with your manager, where you’ll discuss your accomplishments in your role and work together to build goals for your professional growth
• Partnering with engineering, IT and other teams to continuously improve our ability to deliver reliable and secure services

Within 12 months, you’ll make this role your own by:
• Becoming a go-to expert and security representative within Sprout
• Helping define and build the security roadmap for future work
• Working and effectively communicating with other groups across the organization to ensure big-picture alignment and encourage cross-team collaboration
• Owning cross-organizational projects, demonstrating project management skills, consensus building, and strong leadership
• Contributing to in-house technical presentations, employee onboarding, and workshops that share your expertise with large groups of Sprout employees
• Surprise us! Use your unique ideas and abilities to change Sprout Security in beneficial ways that we haven’t considered yet

Of course, what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.

Our Benefits Program
We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:
• Insurance and benefit options that are built for both individuals and families
• Progressive policies to support work/life balance, like our flexible paid time off and parental leave program
• High-quality and well-maintained equipment—your computer will never prevent you from doing your best
• Wellness initiatives to ensure both health and mental well-being of our team
• Ongoing education and development opportunities via our Grow@Sprout program and employee-led diversity, equity, and inclusion initiatives.
• Growing corporate social responsibility program that is driven by the involvement and passion of our team members
• Beautiful, convenient, and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting