Staff Security Engineer – App & Product Sec
San Francisco, California, United States of America
Full Time
3 hours ago
$235,000 - $285,000 USD
Visa Sponsor
Key skills
AWSCloudGoogle Cloud PlatformPythonTerraformBashAIGCPGoogle CloudIAMAuth0OktaSSOCI/CDLeadershipPenetration TestingCloud Security
About this role
Role Overview
- Build and lead Sprinter’s security program as the company’s first dedicated security hire
- Define and execute a practical security roadmap across cloud infrastructure, application security, compliance, identity, vendor risk, and incident readiness
- Design, implement, and maintain security controls that support HIPAA, SOC 2, and HITRUST requirements
- Partner with legal, product, IT, engineering, and operations teams to ensure ongoing audit readiness and compliance maturity
- Improve security across AWS and GCP environments, including IAM, networking, encryption, secrets management, and cloud-native application security
- Evaluate and implement security tooling for vulnerability management, cloud security posture management, security monitoring, DAST, and related needs
- Lead vulnerability management efforts across applications, infrastructure, cloud environments, and third-party systems
- Coordinate penetration testing efforts, work with external security partners, and drive remediation with engineering teams
- Embed security into the software development lifecycle through secure design reviews, CI/CD checks, developer guidance, and pragmatic security standards
- Own or support partner, customer, and vendor security reviews, including questionnaires, risk assessments, and remediation planning
- Strengthen identity and access management across internal systems, applications, and cloud environments
- Develop clear security policies, procedures, documentation, and reporting for internal teams and senior leadership
- Advise on AI security best practices as Sprinter adopts and builds AI-enabled systems, including data handling, model risk, application security, and privacy controls
- Build strong working relationships across teams so security is viewed as a partner to the business, not a blocker
Requirements
- Spent 8+ years in security engineering, cloud security, application security, infrastructure security, DevSecOps, or related roles
- Built or meaningfully scaled a security function, security program, or major security domain in a high-growth environment
- Operated as a senior technical owner for security across engineering, infrastructure, product, IT, and compliance stakeholders
- Worked hands-on with cloud security in AWS, GCP, or similar cloud environments
- Implemented security controls that support compliance frameworks such as HIPAA, SOC 2, HITRUST, ISO 27001, or similar
- Led vulnerability management, penetration testing coordination, remediation workflows, and security assessments
- Partnered with engineering teams to embed security into architecture, development, CI/CD, and production operations
- Worked with identity and access management systems such as Okta, Auth0, SSO, MFA, RBAC, or related tooling
- Evaluated, selected, or implemented security tools such as SIEM, DAST, vulnerability scanners, CSPM, endpoint security, or monitoring platforms
- Used scripting or infrastructure-as-code tools such as Python, Bash, Terraform, or similar to automate security workflows
- Communicated security risks, tradeoffs, and priorities clearly to technical and non-technical stakeholders
- Made practical risk decisions in environments where speed, ambiguity, compliance, and security all matter.
Tech Stack
- AWS
- Cloud
- Google Cloud Platform
- Python
- Terraform
Benefits
- Meaningful pre-IPO equity
- Medical, dental, and vision plans 100% paid for you and your dependents
- Flexible PTO + 10 paid holidays per year
- 401(k) with match
- 16-week parental leave policy for birthing parent, 8 weeks for all other parents
- HSA + FSA contributions
- Life insurance, plus short and long-term disability coverage
- Free daily lunch in-office
- Annual learning stipend
- Relocation assistance