Senior Security Engineer I – GRC FedRAMP (Remote Eligible)

Smartsheet
$145,000 - $210,000Remote

About The Position

Smartsheet is seeking a FedRAMP and GovRAMP subject matter expert to lead these programs. This role involves obtaining and maintaining ATO authorizations, navigating 3PAO assessments, and managing continuous monitoring requirements. The individual will own Smartsheet's FedRAMP and GovRAMP certifications, manage relationships with 3PAOs, drive annual assessment preparation, manage POA&M processes, and ensure authorizations are maintained at the highest level. The role requires understanding federal compliance nuances, communicating effectively with government agencies and assessors, and translating complex regulatory requirements into clear roadmaps for engineering and operations teams. This position will serve as the voice of federal compliance at Smartsheet and a trusted advisor to government customers on the company's security posture.

Requirements

  • 5+ years of hands-on experience with FedRAMP and/or GovRAMP (StateRAMP) programs, including direct involvement in obtaining and maintaining ATOs.
  • Proven experience working with accredited 3PAOs: You've coordinated initial assessments, managed annual re-assessments, provided evidence packages, and worked through test results and findings.
  • A degree in Computer Science, Computer Engineering, Cybersecurity or a related field or equivalent practical experience.
  • Deep understanding of FedRAMP continuous monitoring requirements: Comprehensive knowledge of monthly deliverables, annual assessment cycles, POA&M management, vulnerability scan and penetration test requirements, and compliance reporting cadences.
  • Strong NIST 800-53 control knowledge: Fluency with control baselines, supplemental overlays (ITAR, CJIS, HIPAA, etc.), impact level determination, and control selection for various system types.
  • Project management and stakeholder coordination skills: Experience managing complex, multi-month compliance programs with multiple dependencies, stakeholders, and tight deadlines.
  • Technical foundation in cloud security and compliance: Working knowledge of AWS/GCP/Azure, cloud security controls, identity and access management, encryption, logging, and incident response—sufficient to understand system architecture and control implementations.
  • Excellent documentation and communication skills: Ability to write clear System Security Plans, coordinate across multiple stakeholders, and translate technical and compliance concepts for government audiences.
  • Understanding of federal procurement and contracting: Familiarity with how government agencies acquire and authorize cloud services, and the role of compliance in federal GTM.
  • US Person Status: Must be a U.S. Citizen, U.S. National to meet federal compliance requirements.

Nice To Haves

  • Professional certifications: CISSP, CISM, CISA, CRISC, or FedRAMP-specific credentials.
  • Experience with multiple impact levels: IL2 (Low), IL4 (Moderate), IL6 (High) systems and their specific requirements.
  • Background in government contracting, DoD CMMC, or other federal compliance frameworks.
  • Experience with SaaS FedRAMP authorization, particularly multi-tenant systems and JAB vs. Agency ATO pathways.

Responsibilities

  • Own FedRAMP and GovRAMP (formerly StateRAMP) certifications and roadmaps: Lead the overall strategy for obtaining and maintaining federal authorizations, including package management, compliance timelines, and authority coordination.
  • Manage 3PAO relationships and assessments: Work with accredited third-party assessment organizations to conduct initial assessments and annual re-assessments. Coordinate scoping, evidence preparation, testing coordination, and results validation.
  • Lead continuous monitoring (ConMon) execution: Oversee the delivery of monthly, annual, and event-driven FedRAMP deliverables including vulnerability scans, penetration testing, system security plan updates, and compliance reporting.
  • Manage Plans of Action and Milestones (POA&M) processes: Own the identification, prioritization, tracking, and remediation of findings. Ensure timely closure of Critical (30 days), High (30 days), and Moderate (90 days) findings while coordinating with engineering and security teams.
  • Coordinate significant change requests and system modifications: Work with product and engineering to document, scope, assess, and obtain agency approval for system changes that impact security controls or compliance posture.
  • Engage with authorizing officials and federal agencies: Build and maintain relationships with government sponsors, CIOs, and agency decision-makers. Provide regular status updates, respond to questions, and demonstrate authorization compliance.
  • Prepare comprehensive assessment packages: Lead the development of System Security Plans (SSP), Security Assessment Plans (SAP), risk exposure tables, and supporting documentation required for audits.
  • Drive compliance automation and efficiency: Identify opportunities to automate evidence collection, simplify reporting, and reduce manual effort while maintaining rigor and auditability.

Benefits

  • Employer subsidized medical/vision and dental coverage for full-time employees
  • 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
  • Monthly stipend to support your work and productivity
  • Flexible Time Away Program, plus Sick Time Off
  • US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
  • US employees receive 12 paid holidays per year
  • Up to 24 weeks of Parental Leave
  • Personal paid Volunteer Day to support our community
  • Opportunities for professional growth and development including access to Udemy online courses
  • Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
  • Teleworking options from any registered location in the U.S. (role specific)
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service