Security Engineer II
Company: Smartsheet
Location: Bellevue
Posted on: July 1, 2025
|
|
|
Job Description:
Smartsheet is a tech company with a human story to tell. We’re
here to empower teams to manage projects, automate workflows, and
rapidly build new secure solutions, using simple no-code tools.
We’re revolutionaries – so for us changing the way the world works
is all in a day’s work. Cyber Security is an integral part of
Smartsheet’s corporate culture. At Smartsheet, we believe that it
is the responsibility of each and every employee to safeguard
information, protect it from unauthorized access, and ensure
regulatory compliance. Cyber Security has a significant effect on
privacy, consumer confidence, external reputation, and it is a
priority on everyone’s agenda. Smartsheet is looking for a seasoned
Application Security Professional to join our Active Defense and
Response Security team. In this critical role, you will be
responsible for building solutions that help Smartsheet security in
detection engineering, identifying telemetry gaps and bridging
those gaps by collaborating with various stakeholders within
Smartsheet. You will perform the role of a strategic thinker and
have the operational gravitas to be part of Dev SecOps function to
orchestrate world-class detection and response program. You will
report to our Sr. Manager, Engineering located in our Bellevue
office, or you may work remotely from anywhere in the US where
Smartsheet is a registered employer. In this role, you will: •
Identify and analyze security vulnerabilities across Smartsheet’s
products by leveraging techniques such as code reviews, penetration
testing, threat modeling, and automated scans. • Design, implement,
and maintain security controls, processes, and services that
strengthen product security and protect customer data. • Triage,
investigate, and remediate security issues reported through
internal testing, bug bounty programs, or external sources,
ensuring timely mitigation and clear communication to all
stakeholders. • Collaborate with engineering teams as a trusted
security advisor, providing guidance on architectural decisions,
reviewing designs for secure access control, and advocating for
best practices in secure software development. • Conduct in-depth
security assessments, including security architecture reviews,
threat modeling, and both automated and manual code reviews, to
proactively identify potential weaknesses. • Develop and refine
security automation solutions to improve detection of application
vulnerabilities, accelerate remediation, and continuously raise the
bar for product security. • Support incident response and forensic
efforts, working cross-functionally to resolve issues, implement
fixes, and design out similar vulnerabilities in the future. •
Develop and implement security automation to streamline detection,
investigation, and response workflows, reducing manual effort and
improving operational efficiency. • Leverage SOAR and scripting
technologies (e.g., Python, PowerShell, APIs) to automate
repetitive security tasks, including alert triage, threat
intelligence enrichment, and remediation actions. • Design and
optimize security automation playbooks to enhance incident response
capabilities, ensuring rapid containment and mitigation of threats.
• Implement effective detection and response program by utilizing
industry standard NIST / MITRE attack frameworks • Serve as
technical lead responsible for specific areas of computer security
incident response activities to include intrusion detection
monitoring, scanning, cyber threat reporting, and
development/implementation of vulnerability mitigation strategies.
• Represent Smartsheet at information security and cyber security
communities globally. As an ideal candidate, you will have: •
Bachelor’s degree in Computer Science, Computer Engineering, or a
related field, or equivalent practical experience. • 4 years of
hands-on experience in security engineering (e.g., security design
review, threat modeling, security assessments, privacy
engineering). • Advanced familiarity with fundamental security
disciplines, such as web application security, mobile security,
network security, or applied cryptography. • Understanding of
modern security concerns associated with large language models
(LLMs), including potential attack vectors, data privacy
considerations, and AI-specific threat mitigation. • Proficiency in
coding with at least one modern programming language (e.g.,
Node.js, Python, Go, Java, C++, Rust), with a track record of
successful secure code delivery. • Strong problem-solving and
debugging skills, with the ability to identify and mitigate
security threats throughout the software development lifecycle. •
Demonstrated experience collaborating with engineering and product
teams, delivering clear guidance on secure coding, architecture,
and access control to support confident product decisions. • Proven
leadership or mentorship experience, guiding more junior engineers
or cross-functional stakeholders on security best practices and
strategies. • Ability to handle multiple competing priorities in a
fast-paced environment • Relevant certifications such as CISSP,
SANS GCIH, SANS GXPN, SANS GIAC, SANS GREM etc. • OSCP (Offensive
Security Certified Professional) is a Plus • Excellent
understanding of Cyber Security Operations, Incident Response
processes and telemetry engineering • Experience with SIEM
solutions like Splunk, MS Sentinel, Google Chronicle is a plus •
Expert Python Scripting, Perl, Shell scripting and
SecDevOps/automation and or orchestration Current US Perks &
Benefits: • HSA, 100% employer-paid premiums, or Buy-up
medical/vision and dental coverage options for full-time employees
• 401k Match to help you save for your future (50% of your
contribution up to the first 6% of your eligible pay) • Monthly
stipend to support your work and productivity • Flexible Time Away
Program, plus Sick Time Off • US employees are automatically
covered under Smartsheet-sponsored life insurance, short-term, and
long-term disability plans • US employees receive 12 paid holidays
per year • Up to 24 weeks of Parental Leave • Personal paid
Volunteer Day to support our community • Opportunities for
professional growth and development including access to Udemy
online courses • Company Funded Perks, including a counseling
membership, local retail discounts, and your own personal
Smartsheet account • Teleworking options from any registered
location in the U.S. (role specific) Smartsheet provides a
competitive base salary range for roles that may be hired in
different geographic areas we are licensed to operate our business
from. Actual compensation is determined by several factors
including, but not limited to, level of professional, educational
experience, skills, and specific candidate location. In addition,
this role will be eligible for a market competitive incentive
opportunity. US Base Salary Pay Range $120,000—$157,500 USD Get to
Know Us: At Smartsheet, we’ve created a place where everyone is
welcome — people from all over the world, all backgrounds, all
ages, all colors, and all beliefs working side by side. Here,
everyone can make a difference and empower others to do the same.
You’re encouraged to apply even if your experience doesn’t
precisely match our job description—if your career path has been
nontraditional, that will set you apart. At Smartsheet, we empower
everyone, everywhere to change the way the world works—join us!
Equal Opportunity Employer: Smartsheet is an Equal Opportunity
(EEO) employer committed to fostering an inclusive environment with
the best employees. It is our policy to provide equal employment
opportunities to all qualified applicants in accordance with
applicable laws in the US, UK, Australia, Germany, Costa Rica,
Japan, Bulgaria, and India. All qualified applicants will receive
consideration without regard to race, color, religion, sex, sexual
orientation, gender identity, national origin, age, protected
veteran or disabled status, or genetic information.
Keywords: Smartsheet, Olympia , Security Engineer II, IT / Software / Systems , Bellevue, Washington
