SmartsheetRemote
Sr. Security Engineer 1 (Customer Trust)
United States of America
Full Time
1 week ago
$145,000 - $194,000 USD
H1B Sponsor Likely
Key skills
AIAWSGCPTerraformKubernetesSSOSDLCCI/CDRisk ManagementCommunicationProblem SolvingSales
About this role
Smartsheet has been a leader in work management solutions for over 20 years, and they are seeking a Sr. Security Engineer I to enhance customer security and governance capabilities. This role involves supporting security compliance during sales, bridging communication between customer security requirements and product engineering, and developing security features that meet customer needs.
Responsibilities:
- Serve as a trusted advisor to enterprise customers, CISOs, CIOs, and guiding them on Smartsheet security, compliance, and risk management
- Evaluate customer infrastructure diagrams and data flows, and how Smartsheet can help with automation without compromising security
- Present scanning results (NIST 800-53 gaps, vulnerability scans, DAST/pen test, IaC scans) to customers including walking through remediations. Help customers interpret scan results and develop deviation rationales for findings that can't be directly remediated
- Bridge the gap between FedRAMP, NIST 800-53 control language and Smartsheet implementation. Explain what NIST 800-53 controls mean in terms of Terraform configs, Kubernetes manifests, CI/CD pipelines and cloud configuration of Smartsheet across AWS and GCP
- Provide executive-level support during major customer security incidents and ensure lessons learned inform improvements. Understand and adhere to legal, regulatory and compliance requirements while working on sensitive security incidents
- Represent our cloud and AI security strategy at industry events, conferences, and customer councils
- Capture new business by responding to complex customer security questionnaires and technical inquiries using automation and AI tooling, ensuring security-related impediments to closing deals are removed efficiently
- Work alongside product engineering and Corporate IT to define technical specs for security features and protective measures that meet evolving customer requirements
- Translate customer security concerns and regulatory needs into clear technical problem definitions for internal teams
- Create and distribute technical assets (white papers, solution code, blog posts, and video demonstrations)
Requirements:
- Strong analytical and problem solving skills
- Ability to explain CI/CD and SDLC best practices and how Smartsheet is deployed
- Hands-on experience with AAA implementations (SSO, IdP, MFA enforcement, session management, etc.)
- Hands-on experience with enterprise system and application integrations, and with security tooling such as EDR, VPNs, Vulnerability scanners, CSPM, and SIEM/CASB
- 5+ years of total experience in cyber security, specifically within security engineering, security architecture, or sales engineering
- Familiarity with NIST 800-53, ISO, SOC 2, FedRAMP, GDPR, and HIPAA
- Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels and create external-facing technical content
- Bachelor's degree in a related field or equivalent experience, and/or professional certifications such as CISSP, CCSP, GCSA, CISA, or CRISC
- Experience conducting security reviews and threat modeling on infrastructure, software, and services
- Must be legally eligible to work in the US on an ongoing basis