Senior Security Engineer II, Application Security (Remote Eligible)
SmartsheetRole Overview
Smartsheet is hiring a Senior Security Engineer II, Application Security (Remote Eligible). This is a full-time remote role, with the team based in -REMOTE, USA-. Part of Smartsheet's Risk hiring, posted 4 days ago. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Salary Context
Salary is not disclosed in this posting. Market median for Senior-level Risk roles is $140k-$170k (based on 118 comparable listings). Many employers share specifics during the interview process or after an initial screen.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
For over 20 years, Smartsheet has empowered teams to manage work seamlessly and scale solutions smarter. Now, in our most ambitious chapter yet, we are uniting human teams with AI agents. By orchestrating the work agents do best, automating manual tasks and uncovering insights at scale, we create the space for people to focus on what truly matters: judgment, creativity, and big thinking. That is magic at work, and it’s what we show up for every day.
AI is changing what application security can accomplish. We're not just securing AI; we're using it as a force multiplier to see more risk, act faster, and scale security across a platform used by millions of customers globally. We're looking for a Senior Security Engineer II to join our Application Security team who can do both: bring deep expertise in securing AI-integrated systems, and deploy AI and automation to drive risk visibility and reduction at a scale no traditional security program can match on its own.
This is a high-ownership, technically demanding role for an experienced application security engineer. You will work at the intersection of threat-informed design, engineering automation, and applied AI, doing consequential security work that directly shapes the posture of a modern SaaS platform. If you're a security engineer who writes code to solve security problems, can read a production codebase to find what a scanner misses, and wants your work to matter beyond a ticket queue, we want to talk.
You will report to the Manager, Application Security , based in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer.
You Will:
- Secure AI Systems and Use AI to Scale Security: Conduct security reviews and threat modeling of AI-integrated product features (LLM workflows, agentic pipelines, model APIs) with working knowledge of AI-specific risk classes including prompt injection, model manipulation, and runtime control gaps; and in parallel, deploy AI and automation as a force multiplier by building tooling, pipelines, and integrations that extend the team's reach, accelerate triage, and drive risk visibility at a scale manual effort alone cannot achieve.
- Deliver Application Security Reviews: Own end-to-end security assessments for high-risk features and services (threat modeling, architecture review, targeted code review, and security testing) embedded in the product development lifecycle. Work directly with engineering teams to surface and close risk before it ships, with enough technical credibility to influence design decisions, not just document findings.
- Advance CI/CD Pipeline Security: Operate and evolve the security scanning controls embedded in Smartsheet's GitLab pipelines (SAST, SCA, secrets, IaC scanning). Tune tools, engage teams on findings, and build automation that reduces false positive burden and improves how developers experience security feedback.
- Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet's bug bounty program, reproducing and assessing complex, multi-step researcher submissions requiring authenticated context and deep platform knowledge, making defensible severity and payout decisions, and owning program operations including researcher engagement, metrics, and continuous improvement.
You Have:
- Experience: 8+ years in application security, with a track record of owning complex, multi-capability work in a product security or AppSec engineering role.
- Software engineering foundation: Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent); you identify security-relevant patterns without relying on tooling and write automation that others adopt.
- AI security: Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs) and demonstrated experience deploying AI and automation to scale security functions or extend team reach. You bring both skill sets.
- Security review depth: Threat modeling, architecture review, and code review for complex SaaS features; you produce findings engineering teams can act on and carry enough technical credibility to influence design decisions, not just document them.
- Manual web application testing: Independent, hands-on validation of complex, multi-step authenticated vulnerabilities; you confirm what scanners flag and find what they miss.
- Bug bounty experience: Operator, active researcher, or both; direct experience with triage, severity calibration, and researcher communication.
- CI/CD pipeline security: Working knowledge of SAST, SCA, secrets, and IaC scanning in modern pipelines, with experience engaging teams on findings and improving signal quality.
- Cloud security fundamentals: Working knowledge of AWS, GCP, or Azure sufficient to tie application-layer risk to the infrastructure it runs on; you understand where the application ends and the cloud begins.
- Legally eligible to work in the U.S. on an ongoing basis
- BS or MS in Computer Science, a related field, or equivalent industry experience
NICE TO HAVE:
- Experience with agentic security, MCP security, or adversarial evaluation of autonomous AI systems.
- GitLab CI/CD experience, including security policy pipeline configuration and scanning job integration.
- Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition.
- Penetration testing program management experience: scope definition, vendor coordination, and finding validation with third-party testers.
Current US Perks & Benefits:
- Employer subsidized medical/vision and dental coverage for full-time employees
- 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
- Monthly stipend to support your work and productivity
- Flexible Time Away Program, plus Sick Time Off
- US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
- US employees receive 12 paid holidays per year
- Up to 24 weeks of Parental Leave
- Personal paid Volunteer Day to support our community
- Opportunities for professional growth and development including access to Udemy online courses
- Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
- Teleworking options from any registered location in the U.S. (role specific)
Smartsheet provides a competitive base salary range for roles that may be hired in different geographic areas we are licensed to operate our business from. Actual compensation is determined by several factors including, but not limited to, level of professional, educational experience, skills, and specific candidate location. In addition, this role will be eligible for a market competitive incentive opportunity.
Get to Know Us:
At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You’ll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you’re doing work that stretches you, excites you, and connects you to something bigger, that’s magic at work. Let’s build what’s next, together.
Equal Opportunity Employer:
Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, India, and Singapore. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
#LI-Remote
About Smartsheet
Smartsheet
smartsheet.com
58 other open roles at Smartsheet on TryApplyNow.
Frequently Asked Questions
How do I apply for the Senior Security Engineer II, Application Security (Remote Eligible) position at Smartsheet?
Use the Apply button above to submit your application directly to Smartsheet. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Is the Senior Security Engineer II, Application Security (Remote Eligible) role at Smartsheet remote?
Yes. This is a remote role. The team is based in -REMOTE, USA-, but the position itself does not require relocating to that office.
What does a Senior Security Engineer II, Application Security (Remote Eligible) at Smartsheet earn?
Smartsheet has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Senior Security Engineer II, Application Security (Remote Eligible) role at Smartsheet posted?
This role was posted on July 9, 2026 (4 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
How much experience does the Senior Security Engineer II, Application Security (Remote Eligible) role at Smartsheet require?
This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Smartsheet lists their specific requirements in the description below, so review the must-have qualifications closely before applying.
Similar Jobs
Senior Enterprise Sales Engineer - New York
Chainguard
Senior Customer Success Manager - Federal
Chainguard
Senior Counsel, Commercial
Chainguard
Principal Product Security Researcher
Chainguard
Head of Developer Relations
Chainguard
More Jobs at Smartsheet
View all →Technical Support Specialist II - Governance and Ops (Remote Eligible - Costa
Smartsheet
Senior Director, Revenue Enablement
Smartsheet
Software Engineer II, FedRamp (Remote Eligible)
Smartsheet
Software Engineer II - App Core (Remote Eligible)
Smartsheet
Senior Software Engineer II - Applied AI (Remote Eligible)
Smartsheet
AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start