Smartsheet is looking for a Senior Application Security Professional to join our DevSecOps / product security team.
The Smartsheet Information Security team owns the entire portfolio of product security practices and focuses on a tools-based approach that automates the detection of commonly identified security weaknesses, eliminates risk through secure frameworks and paved-path designs, and empowers engineering to build products quickly and securely. Trust is one of our core values, and as an engineering organization, trust requires maintaining and improving on systems that secure our customers' data.
You will report to our Director of Product and Application Security. Work will begin remotely (available in registered states only) until deemed safe to return to the office, after which both onsite and remote options will remain available.
- Be an integrated collaborator and resource with the development and engineering teams to help address security within the application/service
- Lead the pen test program that ensures products are developed to meet security standards
- Lead the bug bounty program
- Assess and validate security vulnerabilities and support engineering efforts to design remediation/mitigation solutions
- Participate in the security champions program and help advocate for secure development practices
- Contribute to architecture and design of applications and services
- Automate security testing as part of the development lifecycle
- Perform application threat modeling
- Perform static and dynamic testing
- Evaluate and implement AppSec technologies and tools
- Help establish application and product security standards
- Verifiable expertise in application security for web-based and cloud applications
- Senior-level knowledge of authentication and authorization systems
- Familiarity with SAST/DAST tools
- Strong understanding of DevSecOps frameworks and concepts (BSIMM, shift-left, etc.)
- 4+ years of experience in application and/or product security
- Comprehensive knowledge of common application security attack vectors and security best practices to mitigate application attacks (e.g. OWASP)
Perks & Benefits:
- 100% employer-paid medical, dental, and vision coverage for full-time employees
- Equity: Restricted Stock Units (RSUs) with all offers
- Lucrative Employee Stock Purchase Program (15% discount)
- 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
- Monthly stipend to support your work and productivity
- 15 days PTO to start, plus Flexible Sick Leave
- Teleworking options from any registered location in the U.S. (role specific)
- Up to 24 weeks of Parental Leave
- Personal paid Volunteer Day to support our community
- Opportunities for professional growth and development including access to Audible for Business and LinkedIn Learning online courses
- Company Funded Perks, including a counseling membership, primary care membership, local retail discounts, and your own personal Smartsheet account
Equal Opportunity Employer:
Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, and Australia. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
At Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members who also represent the diverse needs of our customers. We're looking for people who are driven, authentic, supportive, effective, and honest. You're encouraged to apply even if your experience doesn't precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we welcome diverse perspectives and people who aren't afraid to be innovative—join us!