Senior Security Engineer II, Application Security - Smartsheet

Key Responsibilities

• Lead the design and implementation of application security controls for cloud‑native services, ensuring alignment with industry best practices.
• Conduct secure code reviews, static and dynamic analysis, and provide actionable remediation guidance to development teams.
• Develop and maintain threat models, attack trees, and security test plans for new and existing applications.
• Integrate security automation into CI/CD pipelines (DevSecOps) to enable continuous security testing and compliance.
• Collaborate with product, engineering, and incident response teams to investigate and remediate security findings.

Requirements

• 5+ years of hands‑on experience in application security, including secure code review and vulnerability remediation.
• Proficiency with SAST/DAST tools (e.g., SonarQube, Veracode, Burp Suite) and scripting languages such as Python or JavaScript.
• Strong understanding of cloud security concepts, particularly within AWS environments.
• Experience creating threat models, security test plans, and integrating security into CI/CD pipelines.
• Relevant certifications (e.g., OSCP, GWAPT, AWS Security) are a plus.