Smartsheet is looking to mature its security and reliability posture by treating both as software engineering challenges and to deliver a world-class service to customers 24/7.
Requirements
- Expert-level proficiency in at least one major cloud provider, preferably AWS, with deep knowledge of core infrastructure and security services.
- Expert-level proficiency with Infrastructure as Code, particularly Terraform.
- Expert-level proficiency in a scripting or programming language such as Python, Go, or Ruby, with a proven history of building automation and custom tooling.
- Deep experience with containerization and orchestration technologies (Kubernetes), including securing containerized environments.
- Proficiency with the modern security operations toolchain, including SIEM, EDR, and vulnerability scanning technologies.
- Experience integrating security tools (SAST, DAST, SCA) into CI/CD pipelines.
- A critical thinker with a proven ability to troubleshoot complex problems in high-pressure production environments.
Responsibilities
- Engineer Secure and Resilient Infrastructure: Design, build, maintain, and improve secure, scalable, and highly available infrastructure in our multi-cloud environment (primarily AWS) using Infrastructure as Code (IaC) principles with tools like Terraform, Kubernetes, and Helm.
- Automate Proactive Security: Engineer and automate threat detection, incident response, and vulnerability management processes. You will build the tools and workflows that allow us to respond to threats at machine speed.
- Secure the Software Development Lifecycle: Architect and secure our CI/CD pipelines, integrating automated security tooling (SAST, DAST, SCA) to provide developers with fast, actionable feedback.
- Master Container Security: Manage, operate, and secure our container orchestration platform (Kubernetes), implementing best practices for container security from the registry to runtime, including knowledge of hardening requirements such as CIS Benchmarks or DISA STIG.
- Lead Incident Response: Act as a technical lead during security and reliability incidents, driving resolution and conducting blameless post-mortems to engineer preventative solutions.
- Drive Automated Compliance: Implement and automate technical controls to ensure continuous compliance with frameworks such as FedRAMP, SOC 2, and ISO 27001.
- Mentor and Lead: Serve as a subject matter expert for security and reliability, mentoring other engineers and championing a culture of operational excellence and security ownership across the organization.
Other
- A BS or MS in Computer Science, Engineering, or a related field, or equivalent industry experience.
- 8+ years of progressive experience in technology, with at least 5 years in a hands-on senior role such as Site Reliability Engineering or DevOps.
- Excellent verbal and written communication skills and a collaborative spirit. This will include fluency in English.
- Ability to work remotely from anywhere in the US where Smartsheet is a registered employer.
- Advanced industry certifications such as CISSP, CISM, OSCP, or cloud-specific security certifications (nice to have).