About The Position

Smartsheet is seeking a Senior Security Engineer II to join their Application Security team. This role is focused on securing AI-integrated systems and leveraging AI and automation to enhance security at scale. The position involves threat-informed design, engineering automation, and applied AI to shape the security posture of a modern SaaS platform. The ideal candidate is a security engineer who writes code to solve security problems, can analyze production codebases, and wants their work to have a significant impact. The role reports to the Manager, Application Security and can be based in Bellevue, WA, or remote within the US where Smartsheet is a registered employer.

Requirements

  • 8+ years in application security, with experience owning complex, multi-capability work in a product security or AppSec engineering role.
  • Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent) with the ability to identify security patterns and write adoption-worthy automation.
  • Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs) and demonstrated experience deploying AI/automation to scale security functions.
  • Proficiency in threat modeling, architecture review, and code review for complex SaaS features, producing actionable findings and influencing design decisions.
  • Independent, hands-on validation of complex, multi-step authenticated web application vulnerabilities.
  • Direct experience with bug bounty triage, severity calibration, and researcher communication.
  • Working knowledge of SAST, SCA, secrets, and IaC scanning in modern CI/CD pipelines, with experience engaging teams on findings and improving signal quality.
  • Working knowledge of AWS, GCP, or Azure to connect application-layer risk to infrastructure.
  • Legally eligible to work in the U.S. on an ongoing basis.
  • BS or MS in Computer Science, a related field, or equivalent industry experience.

Nice To Haves

  • Experience with agentic security, MCP security, or adversarial evaluation of autonomous AI systems.
  • GitLab CI/CD experience, including security policy pipeline configuration and scanning job integration.
  • Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition.
  • Penetration testing program management experience: scope definition, vendor coordination, and finding validation with third-party testers.

Responsibilities

  • Conduct security reviews and threat modeling of AI-integrated product features (LLM workflows, agentic pipelines, model APIs), understanding AI-specific risks like prompt injection and model manipulation.
  • Deploy AI and automation to build tooling, pipelines, and integrations that increase team reach, speed up triage, and improve risk visibility.
  • Own end-to-end security assessments for high-risk features and services, including threat modeling, architecture review, code review, and security testing within the product development lifecycle.
  • Collaborate directly with engineering teams to identify and mitigate risks before product release, influencing design decisions with technical credibility.
  • Operate and enhance security scanning controls in GitLab CI/CD pipelines (SAST, SCA, secrets, IaC scanning), tuning tools, addressing findings, and automating to reduce false positives and improve developer feedback.
  • Serve as the expert validator for the bug bounty program, reproducing and assessing complex researcher submissions, making severity and payout decisions, and managing program operations including researcher engagement and metrics.

Benefits

  • Employer-subsidized medical/vision and dental coverage for full-time employees
  • 401k Match (50% of your contribution up to the first 6% of your eligible pay)
  • Monthly stipend to support your work and productivity
  • Flexible Time Away Program, plus Sick Time Off
  • Company-sponsored life insurance and short-term and long-term disability plans
  • 12 paid holidays per year
  • Up to 24 weeks of Parental Leave
  • Personal paid Volunteer Day
  • Opportunities for professional growth and development including access to Udemy online courses
  • Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
  • Teleworking options from any registered location in the U.S. (role specific)