Sr. Security Engineer 1 (Customer Trust)

About The Position

Requirements

• Strong analytical and problem solving skills
• Ability to explain CI/CD and SDLC best practices and how Smartsheet is deployed.
• Hands-on experience with AAA implementations (SSO, IdP, MFA enforcement, session management, etc.).
• Hands-on experience with enterprise system and application integrations, and with security tooling such as EDR, VPNs, Vulnerability scanners, CSPM, and SIEM/CASB.
• 5+ years of total experience in cyber security, specifically within security engineering, security architecture, or sales engineering.
• Familiarity with NIST 800-53, ISO, SOC 2, FedRAMP, GDPR, and HIPAA.
• Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels and create external-facing technical content.
• Bachelor’s degree in a related field or equivalent experience, and/or professional certifications such as CISSP, CCSP, GCSA, CISA, or CRISC.
• Experience conducting security reviews and threat modeling on infrastructure, software, and services.

Responsibilities

• Serve as a trusted advisor to enterprise customers, CISOs, CIOs, and guiding them on Smartsheet security, compliance, and risk management.
• Evaluate customer infrastructure diagrams and data flows, and how Smartsheet can help with automation without compromising security.
• Present scanning results (NIST 800-53 gaps, vulnerability scans, DAST/pen test, IaC scans) to customers including walking through remediations. Help customers interpret scan results and develop deviation rationales for findings that can't be directly remediated.
• Bridge the gap between FedRAMP, NIST 800-53 control language and Smartsheet implementation. Explain what NIST 800-53 controls mean in terms of Terraform configs, Kubernetes manifests, CI/CD pipelines and cloud configuration of Smartsheet across AWS and GCP.
• Provide executive-level support during major customer security incidents and ensure lessons learned inform improvements. Understand and adhere to legal, regulatory and compliance requirements while working on sensitive security incidents.
• Represent our cloud and AI security strategy at industry events, conferences, and customer councils.
• Capture new business by responding to complex customer security questionnaires and technical inquiries using automation and AI tooling, ensuring security-related impediments to closing deals are removed efficiently.
• Work alongside product engineering and Corporate IT to define technical specs for security features and protective measures that meet evolving customer requirements.
• Translate customer security concerns and regulatory needs into clear technical problem definitions for internal teams.
• Create and distribute technical assets (white papers, solution code, blog posts, and video demonstrations).

Benefits

• Medical/vision and dental coverage options for full-time employees
• 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
• Monthly stipend to support your work and productivity
• Flexible Time Away Program, plus Sick Time Off
• US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
• US employees receive 12 paid holidays per year
• Up to 24 weeks of Parental Leave
• Personal paid Volunteer Day to support our community
• Opportunities for professional growth and development including access to Udemy online courses
• Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
• Teleworking options from any registered location in the U.S. (role specific)