Security Engineer II

Smartsheet
Summary
Join Smartsheet's Active Defense and Response Security team as a seasoned Application Security Professional. Build solutions for detection engineering, identify telemetry gaps, and collaborate with stakeholders. Serve as a strategic thinker and contribute to the DevSecOps function. You will analyze security vulnerabilities, design security controls, triage security issues, and collaborate with engineering teams. Conduct security assessments, develop automation solutions, support incident response, and leverage SOAR and scripting technologies. Represent Smartsheet in global security communities. This role reports to the Sr. Manager, Engineering and can be performed remotely from anywhere in the US where Smartsheet is a registered employer.
Requirements
- Bachelor’s degree in Computer Science, Computer Engineering, or a related field, or equivalent practical experience
- 4+ years of hands-on experience in security engineering (e.g., security design review, threat modeling, security assessments, privacy engineering)
- Advanced familiarity with fundamental security disciplines, such as web application security, mobile security, network security, or applied cryptography
- Understanding of modern security concerns associated with large language models (LLMs), including potential attack vectors, data privacy considerations, and AI-specific threat mitigation
- Proficiency in coding with at least one modern programming language (e.g., Node.js, Python, Go, Java, C++, Rust), with a track record of successful secure code delivery
- Strong problem-solving and debugging skills, with the ability to identify and mitigate security threats throughout the software development lifecycle
- Demonstrated experience collaborating with engineering and product teams, delivering clear guidance on secure coding, architecture, and access control to support confident product decisions
- Proven leadership or mentorship experience, guiding more junior engineers or cross-functional stakeholders on security best practices and strategies
- Ability to handle multiple competing priorities in a fast-paced environment
- Relevant certifications such as CISSP, SANS GCIH, SANS GXPN, SANS GIAC, SANS GREM, etc.
Responsibilities
- Identify and analyze security vulnerabilities across Smartsheet’s products by leveraging techniques such as code reviews, penetration testing, threat modeling, and automated scans
- Design, implement, and maintain security controls, processes, and services that strengthen product security and protect customer data
- Triage, investigate, and remediate security issues reported through internal testing, bug bounty programs, or external sources, ensuring timely mitigation and clear communication to all stakeholders
- Collaborate with engineering teams as a trusted security advisor, providing guidance on architectural decisions, reviewing designs for secure access control, and advocating for best practices in secure software development
- Conduct in-depth security assessments, including security architecture reviews, threat modeling, and both automated and manual code reviews, to proactively identify potential weaknesses
- Develop and refine security automation solutions to improve detection of application vulnerabilities, accelerate remediation, and continuously raise the bar for product security
- Support incident response and forensic efforts, working cross-functionally to resolve issues, implement fixes, and design out similar vulnerabilities in the future
- Develop and implement security automation to streamline detection, investigation, and response workflows, reducing manual effort and improving operational efficiency
- Leverage SOAR and scripting technologies (e.g., Python, PowerShell, APIs) to automate repetitive security tasks, including alert triage, threat intelligence enrichment, and remediation actions
- Design and optimize security automation playbooks to enhance incident response capabilities, ensuring rapid containment and mitigation of threats
- Implement an effective detection and response program using industry-standard NIST / MITRE ATT&CK frameworks
- Serve as technical lead responsible for specific areas of computer security incident response activities to include intrusion detection monitoring, scanning, cyber threat reporting, and development/implementation of vulnerability mitigation strategies
- Represent Smartsheet at information security and cyber security communities globally
Preferred Qualifications
- OSCP (Offensive Security Certified Professional) is a plus
- Excellent understanding of Cyber Security Operations, Incident Response processes and telemetry engineering
- Experience with SIEM solutions like Splunk, MS Sentinel, Google Chronicle is a plus
- Expert Python scripting, Perl, shell scripting, and SecDevOps/automation and/or orchestration
Benefits
- HSA, 100% employer-paid premiums, or Buy-up medical/vision and dental coverage options for full-time employees
- 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
- Monthly stipend to support your work and productivity
- Flexible Time Away Program, plus Sick Time Off
- US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
- US employees receive 12 paid holidays per year
- Up to 24 weeks of Parental Leave
- Personal paid Volunteer Day to support our community
- Opportunities for professional growth and development including access to Udemy online courses
- Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
- Teleworking options from any registered location in the U.S. (role specific)
