Security Engineer II (Remote Eligible)

Smartsheet is a tech company with a human story to tell. We're here to empower teams to manage projects, automate workflows, and rapidly build new secure solutions, using simple no-code tools. We're revolutionaries – so for us changing the way the world works is all in a day's work. Cyber Security is an integral part of Smartsheet's corporate culture. At Smartsheet, we believe that it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Cyber Security has a significant effect on privacy, consumer confidence, external reputation, and it is a priority on everyone's agenda. Smarsheet is looking for a seasoned Application Security Professional to join our Active Defense and Response Security team. In this critical role, you will be responsible for building solutions that help Smartsheet security in detection engineering, identifying telemetry gaps and bridging those gaps by collaborating with various stakeholders within Smartsheet. You will perform the role of a strategic thinker and have the operational gravitas to be part of Dev SecOps function to orchestrate world-class detection and response program. You will report to our Sr. Manager, Engineering located in our Bellevue office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer. In this role, you will: Identify and analyze security vulnerabilities across Smartsheet's products by leveraging techniques such as code reviews, penetration testing, threat modeling, and automated scans. Design, implement, and maintain security controls, processes, and services that strengthen product security and protect customer data. Triage, investigate, and remediate security issues reported through internal testing, bug bounty programs, or external sources, ensuring timely mitigation and clear communication to all stakeholders. Collaborate with engineering teams as a trusted security advisor, providing guidance on architectural decisions, reviewing designs for secure access control, and advocating for best practices in secure software development. Conduct in-depth security assessments, including security architecture reviews, threat modeling, and both automated and manual code reviews, to proactively identify potential weaknesses. Develop and refine security automation solutions to improve detection of application vulnerabilities, accelerate remediation, and continuously raise the bar for product security. Support incident response and forensic efforts, working cross-functionally to resolve issues, implement fixes, and design out similar vulnerabilities in the future. Develop and implement security automation to streamline detection, investigation, and response workflows, reducing manual effort and improving operational efficiency. Leverage SOAR and scripting technologies (e.g., Python, PowerShell, APIs) to automate repetitive security tasks, including alert triage, threat intelligence enrichment, and remediation actions. Design and optimize security automation playbooks to enhance incident response capabilities, ensuring rapid containment and mitigation of threats. Implement effective detection and response program by utilizing industry standard NIST / MITRE attack frameworks Serve as technical lead responsible for specific areas of computer security incident response activities to include intrusion detection monitoring, scanning, cyber threat reporting, and development/implementation of vulnerability mitigation strategies. Represent Smartsheet at information security and cyber security communities globally.

Smartsheet is a tech company with a human story to tell. We're here to empower teams to manage projects, automate workflows, and rapidly build new secure solutions, using simple no-code tools. We're revolutionaries – so for us changing the way the world works is all in a day's work. Cyber Security is an integral part of Smartsheet's corporate culture. At Smartsheet, we believe that it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Cyber Security has a significant effect on privacy, consumer confidence, external reputation, and it is a priority on everyone's agenda.