Smartsheet
SaaS
SeniorSecurityEngineerII,ApplicationSecurity
Neural analysis suggests this role is
optimal for Senior candidates.
“Senior Security Engineer II, Application Security at Smartsheet. Skills: Application Security, AI Security, Automation, Threat Modeling. Secure AI Systems. Use AI to Scale Security”
What You'll Achieve.
Drive risk visibility; Drive risk reduction; Surface and close risk before it ships; Improve how developers experience security feedback; Improve signal quality
Industry & Context.
Solve security problems; Identify security-relevant patterns; Find what scanners miss; Triage complex submissions; Defensible severity and payout decisions
What They're Looking For.
Must Have
8+ years in application security, Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent), Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs), Demonstrated experience deploying AI and automation to scale security functions or extend team reach, Threat modeling, architecture review, and code review for complex SaaS, Manual web application testing, Operator, active researcher, or direct experience with triage, severity calibration, and researcher communication, Working knowledge of SAST, SCA, secrets, and IaC scanning in modern pipelines, Working knowledge of AWS, GCP, or Azure sufficient to tie application-layer risk to the infrastructure it runs, Legally eligible to work in the U. S. on an ongoing basis
Nice to Have
Experience with agentic security, MCP security, or adversarial evaluation of autonomous AI systems, GitLab CI/CD experience, including security policy pipeline configuration and scanning job integration, Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition, Penetration testing program management experience: scope definition, vendor coordination, and finding validation with third-party testers
What You'll Do.
Use AI to Scale Security
Conduct security reviews
Threat modeling of AI-integrated features
Deploy AI and automation
Deliver Application Security Reviews
Own end-to-end security assessments
Work with engineering teams
Advance CI/CD Pipeline Security
Operate and evolve security scanning controls
Engage teams on findings
Build automation for security feedback
Run Bug Bounty Operations
Serve as expert validation layer
Make defensible severity and payout decisions
Own program operations
How You'll Work.
Team & Collaboration
Work directly with engineering teams; Engage teams on findings; Researcher engagement
Communication Scope
Researcher communication
Process & Methodology
Penetration testing program management, Scope definition, Vendor coordination
Full Job Description
For over 20 years, Smartsheet has helped people and teams achieve–well, anything. From seamless work management to smart, scalable solutions, we’ve always worked with flow. We’re building tools that empower teams to automate the manual, uncover insights, and scale smarter. But more than that, we’re creating space– space to think big, take action, and unlock the kind of work that truly matters. Because when challenge meets purpose, and passion turns into progress, that’s magic at work, and it’s what we show up for everyday. AI is changing what application security can accomplish. We're not just securing AI; we're using it as a force multiplier to see more risk, act faster, and scale security across a platform used by millions of customers globally. We're looking for a Senior Security Engineer II to join our Application Security team who can do both: bring deep expertise in securing AI-integrated systems, and deploy AI and automation to drive risk visibility and reduction at a scale no traditional security program can match on its own. This is a high-ownership, technically demanding role for an experienced application security engineer. You will work at the intersection of threat-informed design, engineering automation, and applied AI, doing consequential security work that directly shapes the posture of a modern SaaS platform. If you're a security engineer who writes code to solve security problems, can read a production codebase to find what a scanner misses, and wants your work to matter beyond a ticket queue, we want to talk. You will report to the Manager, Application Security , based in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer. You Will: Secure AI Systems and Use AI to Scale Security: Conduct security reviews and threat modeling of AI-integrated product features (LLM workflows, agentic pipelines, model APIs) with working knowledge of AI-specific risk classes including prompt injection, mo
Applying for this Senior Security Engineer II, Application Security role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Greenhouse
- Create a Greenhouse profile before applying — it saves time across multiple applications.
- Upload your resume as a PDF; the parser handles it better than Word.
- Answer all knockout questions carefully — wrong answers auto-reject before a human sees you.
- Enable email notifications to track application status in real time.
ANONYMOUS · UNFILTERED
What do employees actually say about Smartsheet?
Real rants from real employees. Read before you apply.