Sr. Security Engineer

For over 20 years, Smartsheet has helped people and teams achieve–well, anything. From seamless work management to smart, scalable solutions, we've always worked with flow. We're building tools that empower teams to automate the manual, uncover insights, and scale smarter. But more than that, we're creating space– space to think big, take action, and unlock the kind of work that truly matters. Because when challenge meets purpose, and passion turns into progress, that's magic at work, and it's what we show up for everyday.

Automation is the key to creating highly reliable and secure large-scale software systems. Are you someone who engineers solutions to problems rather than simply fixing the same thing over and over again? Can you protect Smartsheet against attackers?

We are looking for a Senior DevSecOps Engineer to join our global Security Operations team. In this critical role, you will be a leader in maturing our security and reliability posture by treating both as software engineering challenges. You will engineer and operate a highly reliable, scalable, and defensible production environment, directly impacting our ability to deliver a world-class service to our customers 24/7. This is a unique opportunity to blend deep expertise in Site Reliability Engineering (SRE) and modern Security Operations, working at the intersection of infrastructure, automation, and security to build a platform that is resilient and secure by design.

You Will:

• Engineer Secure and Resilient Infrastructure: Design, build, maintain, and improve secure, scalable, and highly available infrastructure in our multi-cloud environment (primarily AWS) using Infrastructure as Code (IaC) principles with tools like Terraform, Kubernetes, and Helm.
• Automate Proactive Security: Engineer and automate threat detection, incident response, and vulnerability management processes. You will build the tools and workflows that allow us to respond to threats at machine speed.
• Secure the Software Development Lifecycle: Architect and secure our CI/CD pipelines, integrating automated security tooling (SAST, DAST, SCA) to provide developers with fast, actionable feedback.
• Master Container Security: Manage, operate, and secure our container orchestration platform (Kubernetes), implementing best practices for container security from the registry to runtime, including knowledge of hardening requirements such as CIS Benchmarks or DISA STIG.
• Lead Incident Response: Act as a technical lead during security and reliability incidents, driving resolution and conducting blameless post-mortems to engineer preventative solutions.
• Drive Automated Compliance: Implement and automate technical controls to ensure continuous compliance with frameworks such as FedRAMP, SOC 2, and ISO 27001.
• Mentor and Lead: Serve as a subject matter expert for security and reliability, mentoring other engineers and championing a culture of operational excellence and security ownership across the organization.

You Have:

• 8+ years of progressive experience in technology, with at least 5 years in a hands-on senior role such as Site Reliability Engineering, DevOps, or Security Engineering.
• A BS or MS in Computer Science, Engineering, or a related field, or equivalent industry experience.
• Expert-level proficiency in at least one major cloud provider, preferably AWS, with deep knowledge of core infrastructure and security services.
• Expert-level proficiency with Infrastructure as Code, particularly Terraform.
• Expert-level proficiency in a scripting or programming language such as Python, Go, or Ruby, with a proven history of building automation and custom tooling.
• Deep experience with containerization and orchestration technologies (Kubernetes), including securing containerized environments.
• Proficiency with the modern security operations toolchain, including SIEM, EDR, and vulnerability scanning technologies.
• Experience integrating security tools (SAST, DAST, SCA) into CI/CD pipelines.
• A critical thinker with a proven ability to troubleshoot complex problems in high-pressure production environments.
• Excellent verbal and written communication skills and a collaborative spirit. This will include fluency in English.

Nice to Have

• Advanced industry certifications such as CISSP, CISM, OSCP, or cloud-specific security certifications.
• Experience with compliance frameworks like FedRAMP, ISO27001, SOC2.

Get to Know Us:

At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You'll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you're doing work that stretches you, excites you, and connects you to something bigger, that's magic at work. Let's build what's next, together.

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.