Senior Security Engineer II, Application Security
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Security Engineer II specializing in Application Security at Smartsheet. Conducting security assessments and securing AI systems for a SaaS platform servicing millions worldwide.
Responsibilities:
- Conduct security reviews and threat modeling of AI-integrated product features
- Own end-to-end security assessments for high-risk features and services
- Operate and evolve the security scanning controls embedded in Smartsheet's GitLab pipelines
- Serve as the expert validation layer for Smartsheet's bug bounty program
Requirements:
- 8+ years in application security, with a track record of owning complex, multi-capability work in a product security or AppSec engineering role.
- Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent); you identify security-relevant patterns without relying on tooling and write automation that others adopt.
- Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs) and demonstrated experience deploying AI and automation to scale security functions or extend team reach. You bring both skill sets.
- Threat modeling, architecture review, and code review for complex SaaS features; you produce findings engineering teams can act on and carry enough technical credibility to influence design decisions, not just document them.
- Independent, hands-on validation of complex, multi-step authenticated vulnerabilities; you confirm what scanners flag and find what they miss.
- Operator, active researcher, or both; direct experience with triage, severity calibration, and researcher communication.
- Working knowledge of SAST, SCA, secrets, and IaC scanning in modern pipelines, with experience engaging teams on findings and improving signal quality.
- Working knowledge of AWS, GCP, or Azure sufficient to tie application-layer risk to the infrastructure it runs on; you understand where the application ends and the cloud begins.
- Legally eligible to work in the U.S. on an ongoing basis
- BS or MS in Computer Science, a related field, or equivalent industry experience
Benefits:
- Employer subsidized medical/vision and dental coverage for full-time employees
- 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
- Monthly stipend to support your work and productivity
- Flexible Time Away Program, plus Sick Time Off
- US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
- US employees receive 12 paid holidays per year
- Up to 24 weeks of Parental Leave
- Personal paid Volunteer Day to support our community
- Opportunities for professional growth and development including access to Udemy online courses
- Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
- Teleworking options from any registered location in the U.S. (role specific)
Similar Jobs
Incident Response Engineer
Incident Response Engineer managing security incidents for federal government. Collaborating with teams to enhance cybersecurity capabilities and prevent future incidents.
Manager – Architecture and Information Security
Manager of Architecture and Information Security at Ford’s BlueOval Battery Park in Michigan. Leading technology architecture and security strategies for next-gen manufacturing.
Lernbegleiter – Sicherheit und Objektschutz
WBS TRAINING employee focused on competency development through remote instruction and learning facilitation. Engaging students with effective teaching methods and curriculum material preparation.
Learning Facilitator, Security and Property Protection
WBS TRAINING employee supporting competency development in security education role through home office instruction and learning facilitation methods. Preparing learning materials and conducting assessments to enhance student skills.
Regional Security Manager
Regional Security Manager providing security-related expertise to FHI 360's Francophone Africa and MENA regions. Overseeing crisis response and managing security programs across diverse locations.
Health, Safety, Security & Environment
Safety Professional ensure safety compliance and training in projects at JLL. Promoting health, safety and environmental standards in construction.
Information Security BCM Manager
Information Security BCM Manager in Compliance & Assurance Team advising on cybersecurity and business continuity. Work remotely or at locations in Berlin, Leipzig, or Lübeck with flexible hours.
Junior Identity Security Metrics, Databricks Analyst
Junior Identity Security Analyst supporting US Government client to drive identity security initiatives using Databricks for data analysis. Candidates must have required clearance and US citizenship.
Information Security Assistant
Assistente de Segurança da Informação at C&A supporting information security compliance and risk management tasks. Collaborating with various teams to enhance data security protocols.
Junior Identity Security Metrics Consultant, Databricks Analyst
Junior Identity Security Metrics Consultant & Databricks Analyst supporting USPS by generating identity security metrics and extracting data from Databricks.
Information System Security Officer – ISSO
Information Systems Security Officer ensuring continuous monitoring of security and privacy controls for federal information systems. Collaborating with various IT professionals and managing security aspects of systems.
Director, Pentest Platform
Director of Pentest Platform at Horizon3.ai leading strategy, design, and development of pentest execution infrastructure. Managing engineering teams to enhance autonomous testing capabilities.
Ethical Hacker
Ethical Hacker performing penetration testing on web and mobile applications to identify security flaws. Joining a team of experts dedicated to fostering a safe digital space and client security.
Cyber Security Detection Engineer
Cyber Security Detection Engineer at Live Nation focusing on threat detection and engineering. Collaborating in a dynamic entertainment environment to improve global security operations.
Principal Security Advisor
Principal Security Advisor supporting sales engagements and driving security architecture communication at Vultr. Responsible for technical validation and customer trust in cloud security solutions.
Senior Cybersecurity Engineer – Zero Trust
Senior Cybersecurity Engineer working on Zero Trust Architecture and enterprise security platforms for federal objectives. Collaborating across teams to enhance cybersecurity posture and implement advanced solutions.
Security Engineer
Network Security Engineer Senior impacting national security in cyber at GDIT. Responsible for maintaining security and integrity of customer networks with advanced firewall management.
Cybersecurity RMF Specialist
Cybersecurity RMF Specialist developing policies for cloud services deployment in support of the US Army. Requires TS/SCI clearance and extensive experience in various cybersecurity frameworks.
Senior Product Security Engineer – Sovereign Cloud
Senior Product Security Engineer focused on cloud security compliance and technical discussions. Collaborating across teams to improve security processes and mentor junior members.
Senior Linux Distribution Engineer – Software Supply Chain Security
Senior Linux Distribution Engineer responsible for securing Linux package ecosystems and container images. Building, maintaining, and validating software delivery at scale with close collaboration across teams.