Security Engineer II

Job description

Smartsheet is a tech company with a human story to tell. We’re here to empower teams to manage projects, automate workflows, and rapidly build new secure solutions, using simple no-code tools. We’re revolutionaries – so for us changing the way the world works is all in a day’s work.

Cyber Security is an integral part of Smartsheet’s corporate culture. At Smartsheet, we believe that it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Cyber Security has a significant effect on privacy, consumer confidence, external reputation, and it is a priority on everyone’s agenda.

Smartsheet is looking for a seasoned Application Security Professional to join our Active Defense and Response Security team. In this critical role, you will be responsible for building solutions that help Smartsheet security in detection engineering, identifying telemetry gaps and bridging those gaps by collaborating with various stakeholders within Smartsheet. You will perform the role of a strategic thinker and have the operational gravitas to be part of Dev SecOps function to orchestrate world-class detection and response program.

You will report to our Sr. Manager, Engineering located in our Bellevue office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer.

In this role, you will:

• Identify and analyze security vulnerabilities across Smartsheet’s products by leveraging techniques such as code reviews, penetration testing, threat modeling, and automated scans.
• Design, implement, and maintain security controls, processes, and services that strengthen product security and protect customer data.
• Triage, investigate, and remediate security issues reported through internal testing, bug bounty programs, or external sources, ensuring timely mitigation and clear communication to all stakeholders.
• Collaborate with engineering teams as a trusted security advisor, providing guidance on architectural decisions, reviewing designs for secure access control, and advocating for best practices in secure software development.
• Conduct in-depth security assessments, including security architecture reviews, threat modeling, and both automated and manual code reviews, to proactively identify potential weaknesses.
• Develop and refine security automation solutions to improve detection of application vulnerabilities, accelerate remediation, and continuously raise the bar for product security.
• Support incident response and forensic efforts, working cross-functionally to resolve issues, implement fixes, and design out similar vulnerabilities in the future.
• Develop and implement security automation to streamline detection, investigation, and response workflows, reducing manual effort and improving operational efficiency.
• Leverage SOAR and scripting technologies (e.g., Python, PowerShell, APIs) to automate repetitive security tasks, including alert triage, threat intelligence enrichment, and remediation actions.
• Design and optimize security automation playbooks to enhance incident response capabilities, ensuring rapid containment and mitigation of threats.
• Implement effective detection and response program by utilizing industry standard NIST / MITRE attack frameworks
• Serve as technical lead responsible for specific areas of computer security incident response activities to include intrusion detection monitoring, scanning, cyber threat reporting, and development/implementation of vulnerability mitigation strategies.
• Represent Smartsheet at information security and cyber security communities globally.

As an ideal candidate, you will have:

• Bachelor’s degree in Computer Science, Computer Engineering, or a related field, or equivalent practical experience.
• 4+ years of hands-on experience in security engineering (e.g., security design review, threat modeling, security assessments, privacy engineering).
• Advanced familiarity with fundamental security disciplines, such as web application security, mobile security, network security, or applied cryptography.
• Understanding of modern security concerns associated with large language models (LLMs), including potential attack vectors, data privacy considerations, and AI-specific threat mitigation.
• Proficiency in coding with at least one modern programming language (e.g., Node.js, Python, Go, Java, C++, Rust), with a track record of successful secure code delivery.
• Strong problem-solving and debugging skills, with the ability to identify and mitigate security threats throughout the software development lifecycle.
• Demonstrated experience collaborating with engineering and product teams, delivering clear guidance on secure coding, architecture, and access control to support confident product decisions.
• Proven leadership or mentorship experience, guiding more junior engineers or cross-functional stakeholders on security best practices and strategies.
• Ability to handle multiple competing priorities in a fast-paced environment
• Relevant certifications such as CISSP, SANS GCIH, SANS GXPN, SANS GIAC, SANS GREM etc.
• OSCP (Offensive Security Certified Professional) is a Plus
• Excellent understanding of Cyber Security Operations, Incident Response processes and telemetry engineering
• Experience with SIEM solutions like Splunk, MS Sentinel, Google Chronicle is a plus
• Expert Python Scripting, Perl, Shell scripting and SecDevOps/automation and or orchestration

Current US Perks & Benefits:

• HSA, 100% employer-paid premiums, or Buy-up medical/vision and dental coverage options for full-time employees
• 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
• Monthly stipend to support your work and productivity
• Flexible Time Away Program, plus Sick Time Off
• US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
• US employees receive 12 paid holidays per year
• Up to 24 weeks of Parental Leave
• Personal paid Volunteer Day to support our community
• Opportunities for professional growth and development including access to Udemy online courses
• Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
• Teleworking options from any registered location in the U.S. (role specific)

Smartsheet provides a competitive base salary range for roles that may be hired in different geographic areas we are licensed to operate our business from. Actual compensation is determined by several factors including, but not limited to, level of professional, educational experience, skills, and specific candidate location. In addition, this role will be eligible for a market competitive incentive opportunity.

US Base Salary Pay Range

$120,000—$157,500 USD

Get to Know Us:

At Smartsheet, we’ve created a place where everyone is welcome — people from all over the world, all backgrounds, all ages, all colors, and all beliefs working side by side. Here, everyone can make a difference and empower others to do the same. You’re encouraged to apply even if your experience doesn’t precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we empower everyone, everywhere to change the way the world works—join us!

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

#LI-Remote