Senior Security Engineer II, Application Security

Smartsheet

Senior Security Engineer II specializing in Application Security at Smartsheet. Conducting security assessments and securing AI systems for a SaaS platform servicing millions worldwide.

Posted 5/22/2026full-timeRemote • Washington • 🇺🇸 United StatesSenior💰 $175,000 - $245,000 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudGoGoogle Cloud PlatformJavaJavaScriptPythonRubyTypeScript

About the role

Key responsibilities & impact

Conduct security reviews and threat modeling of AI-integrated product features
Own end-to-end security assessments for high-risk features and services
Operate and evolve the security scanning controls embedded in Smartsheet's GitLab pipelines
Serve as the expert validation layer for Smartsheet's bug bounty program

Requirements

What you’ll need

8+ years in application security, with a track record of owning complex, multi-capability work in a product security or AppSec engineering role.
Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent); you identify security-relevant patterns without relying on tooling and write automation that others adopt.
Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs) and demonstrated experience deploying AI and automation to scale security functions or extend team reach. You bring both skill sets.
Threat modeling, architecture review, and code review for complex SaaS features; you produce findings engineering teams can act on and carry enough technical credibility to influence design decisions, not just document them.
Independent, hands-on validation of complex, multi-step authenticated vulnerabilities; you confirm what scanners flag and find what they miss.
Operator, active researcher, or both; direct experience with triage, severity calibration, and researcher communication.
Working knowledge of SAST, SCA, secrets, and IaC scanning in modern pipelines, with experience engaging teams on findings and improving signal quality.
Working knowledge of AWS, GCP, or Azure sufficient to tie application-layer risk to the infrastructure it runs on; you understand where the application ends and the cloud begins.
Legally eligible to work in the U.S. on an ongoing basis
BS or MS in Computer Science, a related field, or equivalent industry experience

Benefits

Comp & perks

Employer subsidized medical/vision and dental coverage for full-time employees
401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
Monthly stipend to support your work and productivity
Flexible Time Away Program, plus Sick Time Off
US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
US employees receive 12 paid holidays per year
Up to 24 weeks of Parental Leave
Personal paid Volunteer Day to support our community
Opportunities for professional growth and development including access to Udemy online courses
Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
Teleworking options from any registered location in the U.S. (role specific)

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securitythreat modelingarchitecture reviewcode reviewSASTSCAIaC scanningautomationsecurity assessmentsAI-integrated applications

Soft Skills

independent validationinfluencing design decisionsresearcher communicationtriageseverity calibration