# Senior Security Engineer II, Application Security (Remote Eligible) Remote from[USA](https://jobicy.com/job-region/usa.md)Salary, yearly, USD 175,000 - 245,000Department [Cybersecurity](https://jobicy.com/categories/cybersecurity.md) Employment type Full Time, Job posted26 Jun 2026Apply before26 Jul 2026Experience level Senior Views / Applies 194 / 60 [About company](https://jobicy.com/company/smartsheet.md) [Share](#share) About [Smartsheet](https://jobicy.com/company/smartsheet.md) Smartsheet is a platform for work management and automation solutions. * [Computer Software](https://jobicy.com/company-category/software.md) * 2005 Actively Hiring Verified job posting This job post has been [manually reviewed](https://jobicy.com/tools/help-center/employee/how-does-jobicy-verify-the-legitimacy-of-remote-job-listings.md) for authenticity and compliance. Tailor Resume Check Job Fit Cover Letter ### Tailor my resume to this job Discover how to best rewrite and optimize your resume for this specific job. You'll receive personalized suggestions and detailed guidance to highlight your key strengths, effectively address the job requirements, and make your application more compelling to recruiters and hiring managers. After analyzing your resume, I can provide several recommendations to better position yourself for this role. Your background in software development shows strong technical skills, particularly in Java and Python development. However, for this Senior Backend Developer position, I notice there could be more emphasis on your experience with microservices architecture and cloud technologies, which are key requirements for this role. I recommend highlighting specific projects where you utilized these technologies and quantifying your achievements to demonstrate impact... Upgrade to Plus ### Am I a good fit for this job? Understand your compatibility with this specific job opportunity. Our detailed analysis will assess your resume against the role's requirements, providing insights into your potential fit, key skill alignments, and areas you might need to develop to be a strong candidate. After assessing your resume against the job requirements, here's a summary of your fit: 1. Overall Match: Moderate Fit (Approx. 65-70%). Your resume shows good alignment with several core responsibilities for the Project Manager role, especially your experience in agile methodologies and stakeholder communication. 2. Key Strengths: Your PMP certification and proven track record in delivering projects on time are strong assets for this position. 3. Potential Gap: The role specifies experience with 'XYZ specific software', which is not explicitly mentioned in your resume. If you have this experience, ensure it's highlighted. 4. Recommendation: Consider adding a quantifiable achievement related to budget management, as this is often a key metric for PM roles... Upgrade to Plus ### Cover Letter Assistant Need help writing a compelling cover letter? Our system can analyze this job and your resume to help you draft personalized paragraphs that highlight your strengths and impress hiring managers. Let me help you draft a strong opening... Dear Hiring Manager, I am writing to express my keen interest in the Senior Marketing Manager position. My background in developing data-driven marketing strategies and leading successful product launches, as detailed in my resume, directly aligns with your need for a candidate capable of enhancing brand visibility and driving market share growth. I am confident I can make a significant contribution to your team... Upgrade to Plus ### AI Summary Smartsheet is seeking a Senior Security Engineer II, Application Security to join their team, focusing on securing AI-integrated systems and using AI to scale security. The role involves conducting security reviews, threat modeling, advancing CI/CD pipeline security, and running bug bounty operations. This is a high-ownership position for an experienced application security engineer who can write code to solve security problems and work directly with engineering teams. The position offers remote work from anywhere in the US where Smartsheet is a registered employer. ### Role DNA Job Complexity Easy Hard Pace & Pressure Relaxed Fast-paced Autonomy Level Guided Full Ownership Communication Load Independent Highly Collaborative AI Insight The role requires deep expertise in application security, AI security, and the ability to perform complex threat modeling and code reviews, making it one of the most challenging in the security domain. ### Salary Analysis Median Highly Competitive USD210,000US Market USD150k – 250k 0 USD275k AI Insight The offered salary range of $175,000 - $245,000 is highly competitive, reflecting the seniority and specialized skills required, particularly in AI security. The median of $210,000 is above the typical market range for similar roles, indicating the company values this expertise. ### Key Skills Application Security Threat Modeling AI Security LLM Security CI/CD Security SAST/SCA Bug Bounty Java Python Automation ### Cover Letter Sample Dear Hiring Manager, I am excited to apply for the Senior Security Engineer II, Application Security position at Smartsheet. With over 8 years of experience in application security and a strong background in software engineering, I have a proven track record of securing complex systems and integrating security into the development lifecycle. My expertise in AI security, including threat modeling for LLMs and agentic pipelines, aligns perfectly with your focus on securing and leveraging AI. I have hands-on experience deploying automation and AI to scale security operations, reducing false positives and accelerating risk detection. I am particularly drawn to Smartsheet's mission of uniting human teams with AI agents. I am eager to bring my skills in CI/CD pipeline security, bug bounty management, and cross-team collaboration to your team. Thank you for considering my application. I look forward to the opportunity to contribute to Smartsheet's security posture and innovative culture. Sincerely, [Your Name] Copy ### Possible Interview Questions Describe your experience with securing AI-integrated applications, including LLMs and agentic workflows. What specific risks have you addressed?I have conducted security reviews for several AI features, focusing on prompt injection, model manipulation, and data leakage. For example, I implemented input validation and output sanitization for an LLM-based chatbot, and designed rate limiting and access controls to prevent abuse.How have you used automation or AI to scale security operations in a previous role?I built a pipeline using Python and Jenkins to automatically scan code changes for known vulnerabilities and misconfigurations. I also deployed a machine learning model that prioritized alerts based on risk, reducing manual triage time by 40%.Walk me through your approach to a threat modeling exercise for a new service. What frameworks do you use?I typically use STRIDE and attack trees. Starting with data flow diagrams, I identify assets, trust boundaries, and potential threats. For example, in a microservices architecture, I focus on inter-service communication and authentication. I then collaborate with developers to prioritize and mitigate risks.How do you handle false positives in security scanning tools? Give an example.In a previous role, SAST reported many false positives for SQL injection in our code. I analyzed the code context, built custom rules to suppress known false patterns, and worked with the team to create unit tests that validated the accuracy. This reduced noise by 60%.Tell me about a time you influenced a design decision to improve security without blocking development.During a review of a new API, I identified that it exposed internal IPs. Instead of delaying the release, I suggested using a proxy with rate limiting and IP masking, which the team integrated quickly. We also added a security review step for future APIs. For over 20 years, Smartsheet has empowered teams to manage work seamlessly and scale solutions smarter. Now, in our most ambitious chapter yet, we are uniting human teams with AI agents. By orchestrating the work agents do best, automating manual tasks and uncovering insights at scale, we create the space for people to focus on what truly matters: judgment, creativity, and big thinking. That is magic at work, and it’s what we show up for every day. AI is changing what application security can accomplish. We’re not just securing AI; we’re using it as a force multiplier to see more risk, act faster, and scale security across a platform used by millions of customers globally. We’re looking for a Senior Security Engineer II to join our Application Security team who can do both: bring deep expertise in securing AI-integrated systems, and deploy AI and automation to drive risk visibility and reduction at a scale no traditional security program can match on its own. This is a high-ownership, technically demanding role for an experienced application security engineer. You will work at the intersection of threat-informed design, engineering automation, and applied AI, doing consequential security work that directly shapes the posture of a modern SaaS platform. If you’re a security engineer who writes code to solve security problems, can read a production codebase to find what a scanner misses, and wants your work to matter beyond a ticket queue, we want to talk. You will report to the Manager, Application Security , based in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer. You Will: * Secure AI Systems and Use AI to Scale Security: Conduct security reviews and threat modeling of AI-integrated product features (LLM workflows, agentic pipelines, model APIs) with working knowledge of AI-specific risk classes including prompt injection, model manipulation, and runtime control gaps; and in parallel, deploy AI and automation as a force multiplier by building tooling, pipelines, and integrations that extend the team’s reach, accelerate triage, and drive risk visibility at a scale manual effort alone cannot achieve. * Deliver Application Security Reviews: Own end-to-end security assessments for high-risk features and services (threat modeling, architecture review, targeted code review, and security testing) embedded in the product development lifecycle. Work directly with engineering teams to surface and close risk before it ships, with enough technical credibility to influence design decisions, not just document findings. * Advance CI/CD Pipeline Security: Operate and evolve the security scanning controls embedded in Smartsheet’s GitLab pipelines (SAST, SCA, secrets, IaC scanning). Tune tools, engage teams on findings, and build automation that reduces false positive burden and improves how developers experience security feedback. * Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet’s bug bounty program, reproducing and assessing complex, multi-step researcher submissions requiring authenticated context and deep platform knowledge, making defensible severity and payout decisions, and owning program operations including researcher engagement, metrics, and continuous improvement. You Have: * Experience: 8+ years in application security, with a track record of owning complex, multi-capability work in a product security or AppSec engineering role. * Software engineering foundation: Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent); you identify security-relevant patterns without relying on tooling and write automation that others adopt. * AI security: Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs) and demonstrated experience deploying AI and automation to scale security functions or extend team reach. You bring both skill sets. * Security review depth: Threat modeling, architecture review, and code review for complex SaaS features; you produce findings engineering teams can act on and carry enough technical credibility to influence design decisions, not just document them. * Manual web application testing: Independent, hands-on validation of complex, multi-step authenticated vulnerabilities; you confirm what scanners flag and find what they miss. * Bug bounty experience: Operator, active researcher, or both; direct experience with triage, severity calibration, and researcher communication. * CI/CD pipeline security: Working knowledge of SAST, SCA, secrets, and IaC scanning in modern pipelines, with experience engaging teams on findings and improving signal quality. * Cloud security fundamentals: Working knowledge of AWS, GCP, or Azure sufficient to tie application-layer risk to the infrastructure it runs on; you understand where the application ends and the cloud begins. * Legally eligible to work in the U.S. on an ongoing basis * BS or MS in Computer Science, a related field, or equivalent industry experience NICE TO HAVE: * Experience with agentic security, MCP security, or adversarial evaluation of autonomous AI systems. * GitLab CI/CD experience, including security policy pipeline configuration and scanning job integration. * Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition. * Penetration testing program management experience: scope definition, vendor coordination, and finding validation with third-party testers. Current US Perks & Benefits: * Employer subsidized medical/vision and dental coverage for full-time employees * 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay) * Monthly stipend to support your work and productivity * Flexible Time Away Program, plus Sick Time Off * US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans * US employees receive 12 paid holidays per year * Up to 24 weeks of Parental Leave * Personal paid Volunteer Day to support our community * Opportunities for professional growth and development including access to Udemy online courses * Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account * Teleworking options from any registered location in the U.S. (role specific) Smartsheet provides a competitive base salary range for roles that may be hired in different geographic areas we are licensed to operate our business from. Actual compensation is determined by several factors including, but not limited to, level of professional, educational experience, skills, and specific candidate location. In addition, this role will be eligible for a market competitive incentive opportunity. US Base Salary Pay Range$175,000—$245,000 USD Get to Know Us: At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You’ll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you’re doing work that stretches you, excites you, and connects you to something bigger, that’s magic at work. Let’s build what’s next, together. Equal Opportunity Employer: Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know. #LI-Remote Show more [Apply now >](https://jobicy.com/jobs/147873-senior-security-engineer-ii-application-security-remote-eligible.md) * ![Upload CV](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NSIgaGVpZ2h0PSI2NSIgZmlsbD0ibm9uZSIgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48ZyBjbGlwLXBhdGg9InVybCgjQSkiPjxwYXRoIGQ9Ik0wIDBINjVWNjVIMFYwWiIgZmlsbD0iIzAyOWFlYiIvPjxnIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIyIj48cGF0aCBkPSJNMzMuMDQ5IDE1LjQ1NGExLjQzIDEuNDMgMCAwIDAtMi4wOTcgMGwtNy41NzkgOC4xNDdhMS4zOCAxLjM4IDAgMCAwIC4wOSAxLjk3MyAxLjQ0IDEuNDQgMCAwIDAgMi4wMDgtLjA4OGw1LjEwOS01LjQ5MnYyMC42MWExLjQxIDEuNDEgMCAwIDAgMS40MjEgMS4zOTdjLjc4NSAwIDEuNDIxLS42MjUgMS40MjEtMS4zOTd2LTIwLjYxbDUuMTA5IDUuNDkyYTEuNDQgMS40NCAwIDAgMCAyLjAwOC4wODggMS4zOCAxLjM4IDAgMCAwIC4wOS0xLjk3M2wtNy41NzktOC4xNDZ6TTE2Ljc2OSAzOC40YzAtLjc3My0uNjItMS40LTEuMzg1LTEuNFMxNCAzNy42MjcgMTQgMzguNHYuMTAybC4yMTUgNi4yMjljLjIyMyAxLjY4LjcwMSAzLjA5NSAxLjgxMyA0LjIxOHMyLjUxIDEuNjA3IDQuMTcyIDEuODMzYzEuNi4yMTggMy42MzYuMjE4IDYuMTYuMjE4aDExLjI4bDYuMTYtLjIxOGMxLjY2Mi0uMjI2IDMuMDYxLS43MDkgNC4xNzItMS44MzNzMS41ODktMi41MzggMS44MTMtNC4yMThDNTAgNDMuMTEzIDUwIDQxLjA1NSA1MCAzOC41MDNWMzguNGMwLS43NzMtLjYyLTEuNC0xLjM4NS0xLjRzLTEuMzg1LjYyNy0xLjM4NSAxLjRsLS4xOSA1Ljk1OGMtLjE4MiAxLjM3LS41MTUgMi4wOTUtMS4wMjYgMi42MTJzLTEuMjI4Ljg1My0yLjU4MyAxLjAzOGMtMS4zOTUuMTktMy4yNDMuMTkzLTUuODkzLjE5M0gyNi40NjJjLTIuNjUgMC00LjQ5OC0uMDAzLTUuODkzLS4xOTMtMS4zNTUtLjE4NC0yLjA3Mi0uNTIxLTIuNTgzLTEuMDM4cy0uODQ0LTEuMjQyLTEuMDI2LTIuNjEyYy0uMTg3LTEuNDEtLjE5MS0zLjI3OS0uMTkxLTUuOTU4eiIvPjwvZz48L2c+PGRlZnM+PGNsaXBQYXRoIGlkPSJBIj48cGF0aCBmaWxsPSIjZmZmIiBkPSJNMCAwaDY1djY1SDB6Ii8+PC9jbGlwUGF0aD48L2RlZnM+PC9zdmc+) ### Upload your resume now To unlock remote work opportunities and be discovered by global employers. This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content. ## How to apply ## See a few more Similar Cybersecurity remote jobs * ![GitLab logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2020/12/WRILS-201207055737-109952.jpg) GitLab [VP, Corporate Security](https://jobicy.com/jobs/147876-vp-corporate-security.md) GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeUSD 297,600-360k/year* ![Vercel logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/a6aded72-221.png) Vercel [Security Software Engineer, IAM](https://jobicy.com/jobs/147750-security-software-engineer-iam.md) About Vercel: Vercel is the agentic infrastructure company. We free people and agents to ship what’s next. For more than a decade, Vercel has shaped how the web is built…. ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeUSD 208k-312k/year* ![Synthesia logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/c69aad11-221.webp) Synthesia [Application Security Engineering Manager](https://jobicy.com/jobs/146803-application-security-engineering-manager.md) Synthesia is the world’s leading AI video platform for business, used by over 90% of the Fortune 100. Founded in 2017, the company is headquartered in London, with offices and… ![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg) ![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg) GB, EU•Full TimeJun 16* ![Nebius logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2026/06/d90c0566-221.webp) Nebius [Application Security Engineer](https://jobicy.com/jobs/146769-application-security-engineer-2.md) About Nebius: Nebius is leading a new era in cloud infrastructure for the global AI economy. We are building a full-stack AI cloud platform that supports developers and enterprises from… ![UK flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/gb.svg) ![Europe flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/eu.svg) GB, EU +3 more, DE, NL, CZ•Full TimeEUR 75k-240k/year* ![Experian logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2021/09/dcc5b29a570bb19b9f5c3e150db2fdfe.jpg) Experian [Cyber Defense Senior Analyst](https://jobicy.com/jobs/146651-cyber-defense-senior-analyst.md) Company DescriptionExperian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare,… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeJun 16* ![Fivetran logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/3b8e4532-221-1.jpg) Fivetran [Lead Sales Engineering Specialist – Security](https://jobicy.com/jobs/146498-lead-sales-engineering-specialist-security.md) From Fivetran’s founding until now, our mission has remained the same: to make access to data as simple and reliable as electricity. With Fivetran, customer data arrives in their warehouses,… ![EMEA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/emea.svg) ![Ireland flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/ie.svg) EMEA, IE•Full TimeJun 14* ![Truelogic logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e7ae6cb6-221-1.png) Truelogic [Senior SecOps Automation Engineer – Consumer FinTech](https://jobicy.com/jobs/146284-senior-secops-automation-engineer-consumer-fintech.md) About TruelogicAt Truelogic we are a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we’ve been delivering top-tier technology solutions to companies of… ![LATAM flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/latam.svg) LATAM•Full TimeJun 12* ![Pair Team logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/105c0d0c-221.png) Pair Team [Senior Security Engineer](https://jobicy.com/jobs/146199-senior-security-engineer.md) About Pair TeamPair Team is building a new kind of healthcare system across Medicaid, Medicare, and public assistance programs: one that recognizes that access to housing, nutritious food, and reliable… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeUSD 170k-190k/year* ![ECS logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e346542a-221.png) ECS [Computer Security System Specialist](https://jobicy.com/jobs/146111-computer-security-system-specialist.md) ECS is seeking an experienced Computer Security System Specialist to work remotely providing cybersecurity support for the work performed under this contract for NIH NIAID Enabling and Advancing Technologies (NEAT). All other tasks… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeJun 10* ![ECS logo](https://jobicy.com/data/server-nyc0409/galaxy/mercury/2025/06/e346542a-221.png) ECS [Network and Cybersecurity Delivery Lead](https://jobicy.com/jobs/146108-network-and-cybersecurity-delivery-lead.md) ECS is seeking an experienced Network and Cybersecurity Delivery Lead to work remotely providing infrastructure support for the work performed under this contract for NIH NIAID Enabling and Advancing Technologies (NEAT). All other… ![USA flag](https://cloud.jobicy.com/nyc4-cold/img/round-flags/us.svg) US•Full TimeJun 10 [More Jobs](https://jobicy.com/jobs.md)