Smartsheet
Security Engineer II
Smartsheet, Clyde Hill, Washington, United States,
Smartsheet is a tech company with a human story to tell. We're here to empower teams to manage projects, automate workflows, and rapidly build new secure solutions, using simple no-code tools. We're revolutionaries - so for us changing the way the world works is all in a day's work. Cyber Security is an integral part of Smartsheet's corporate culture. At Smartsheet, we believe that it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Cyber Security has a significant effect on privacy, consumer trust, external reputation, and it is a priority on every team's agenda. We are seeking a motivated and detail-oriented Security Engineer to join our team who shares our passion in ensuring our customer data and the Smartsheet platform/service is protected and secured. In this role, you will support development teams with the implementation of Smartsheet's security best practices, ensuring that our applications and infrastructure are secure from the ground up. You will work closely with microservice DevOps teams to automate security processes and manage cloud infrastructure. You will report to our Senior Manager, Security Engineering located in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer. You Will: Security Integration: Assist in integrating security tools and practices into team CI/CD pipelines to identify vulnerabilities early in the development lifecycle. Automation: Develop and maintain scripts to automate security tasks such as scanning, monitoring, and patch management. Monitoring and Alerting: Implement security alerting, provide support to Security Operations to respond to potential threats and vulnerabilities, and participate in rotational on-call support. Collaboration: Work with microservice DevOps, IT support, and compliance teams to ensure secure coding practices and configurations are followed, vulnerabilities are addressed, and security controls are implemented. Cloud Security Posture: Help manage and secure cloud environments (e.g., AWS, GCP) by implementing best practices and security controls. Documentation: Maintain up-to-date documentation of security processes, tools, and configurations. Continuous Learning: Stay informed about the latest security trends, vulnerabilities, and tools to continuously improve the security posture of the organization. You Have: 3+ years of total experience in the field of cyber security and particularly in security engineering Extensive experience in delivering security solutions across multiple environments including on-prem and cloud infrastructure - AWS experience is a plus Experience conducting security reviews and threat modeling on infrastructure software and services. Strong analytical and problem solving skills Experience with network security concepts and capabilities including firewalls Experience deploying and/or utilizing security tooling such as Endpoint Detection and Response (EDR), Virtual Private Networks (VPN), Vulnerability scanning tools, Cloud Security Posture Management (CSPM), Security Information and Event Management (SIEM) Experience with NIST frameworks is a plus (800-53, NCF) Basic understanding of DevOps tools and practices (e.g., Git, Docker). Knowledge of cloud platforms (e.g., AWS, GCP) and their security features. Experience with Infrastructure-as-code and policy-as-code is a plus Experience with hardened image builds and deployment is a plus. Strong problem-solving skills with attention to detail and an eagerness to learn and adapt to new technologies and challenges. Relevant certifications such as CompTIA Security+, AWS Certified Security - Specialty, or similar. In order to comply with federal government requirements, this job is only available to U.S. citizens, U.S. lawful perm