Senior Security Engineer II, Application Security (Remote Eligible) | JobSetuu

Description

Job Overview

• Source: Jobicy

Job Description

AI is changing what application security can accomplish. We're not just securing AI; we're using it as a force multiplier to see more risk, act faster, and scale security across a platform used by millions of customers globally. We're looking for a Senior Security Engineer II to join our Application Security team who can do both: bring deep expertise in securing AI-integrated systems, and deploy AI and automation to drive risk visibility and reduction at a scale no traditional security program can match on its own.

This is a high-ownership, technically demanding role for an experienced application security engineer. You will work at the intersection of threat-informed design, engineering automation, and applied AI, doing consequential security work that directly shapes the posture of a modern SaaS platform. If you're a security engineer who writes code to solve security problems, can read a production codebase to find what a scanner misses, and wants your work to matter beyond a ticket queue, we want to talk.

You will report to the Manager, Application Security , based in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer. 

You Will:

• Secure AI Systems and Use AI to Scale Security: Conduct security reviews and threat modeling of AI-integrated product features (LLM workflows, agentic pipelines, model APIs) with working knowledge of AI-specific risk classes including prompt injection, model manipulation, and runtime control gaps; and in parallel, deploy AI and automation as a force multiplier by building tooling, pipelines, and integrations that extend the team's reach, accelerate triage, and drive risk visibility at a scale manual effort alone cannot achieve.
• Deliver Application Security Reviews: Own end-to-end security assessments for high-risk features and services (threat modeling, architecture review, targeted code review, and security testing) embedded in the product development lifecycle. Work directly with engineering teams to surface and close risk before it ships, with enough technical credibility to influence design decisions, not just document findings.
• Advance CI/CD Pipeline Security: Operate and evolve the security scanning controls embedded in Smartsheet's GitLab pipelines (SAST, SCA, secrets, IaC scanning). Tune tools, engage teams on findings, and build automation that reduces false positive burden and improves how developers experience security feedback.
• Run Bug Bounty Operations: Serve as the expert validation layer for Smartsheet's bug bounty program, reproducing and assessing complex, multi-step researcher submissions requiring authenticated context and deep platform knowledge, making defensible severity and payout decisions, and owning program operations including researcher engagement, metrics, and continuous improvement. 

You Have:

• Experience: 8+ years in application security, with a track record of owning complex, multi-capability work in a product security or AppSec engineering role.
• Software engineering foundation: Fluent in one or more modern languages (Java, Python, TypeScript/JavaScript, Go, Ruby, or equivalent); you identify security-relevant patterns without relying on tooling and write automation that others adopt.
• AI security: Hands-on experience securing AI-integrated applications (LLM systems, agentic workflows, model APIs) and demonstrated experience deploying AI and automation to scale security functions or extend team reach. You bring both skill sets.
• Security review depth: Threat modeling, architecture review, and code review for complex SaaS features; you produce findings engineering teams can act on and carry enough technical credibility to influence design decisions, not just document them.
• Manual web application testing: Independent, hands-on validation of complex, multi-step authenticated vulnerabilities; you confirm what scanners flag and find what they miss.
• Bug bounty experience: Operator, active researcher, or both; direct experience with triage, severity calibration, and researcher communication.
• CI/CD pipeline security: Working knowledge of SAST, SCA, secrets, and IaC scanning in modern pipelines, with experience engaging teams on findings and improving signal quality.
• Cloud security fundamentals: Working knowledge of AWS, GCP, or Azure sufficient to tie application-layer risk to the infrastructure it runs on; you understand where the application ends and the cloud begins.
• Legally eligible to work in the U.S. on an ongoing basis
• BS or MS in Computer Science, a related field, or equivalent industry experience

NICE TO HAVE:

• Experience with agentic security, MCP security, or adversarial evaluation of autonomous AI systems.
• GitLab CI/CD experience, including security policy pipeline configuration and scanning job integration.
• Active bug bounty researcher with published findings, CVE credits, or hall of fame recognition.
• Penetration testing program management experience: scope definition, vendor coordination, and finding validation with third-party testers.

Expert Career Tips for Senior Security Engineer II, Application Security (Remote Eligible) Roles

To succeed in a competitive market as a Senior Security Engineer II, Application Security (Remote Eligible), you need more than just technical skills. Here are some expert strategies to elevate your profile:

• Build a Strong Portfolio: For technical roles, a clean GitHub or a personal project site is essential. For non-technical roles, a case study portfolio demonstrating problem-solving and impact is equally valuable. Show, don't just tell, what you have achieved in your previous positions.
• Master the Narrative: When interviewing, use the STAR method (Situation, Task, Action, Result) to structure your answers. Quantify your results wherever possible—mentioning "increased efficiency by 20%" is much more impactful than saying "improved efficiency."
• Continuous Learning: The industry moves fast. Whether it's staying updated with the latest AI tools or mastering a new management methodology, continuous professional development is key. Consider obtaining industry-recognized certifications that align with Senior Security Engineer II, Application Security (Remote Eligible) requirements.
• Networking: Connect with other professionals in similar roles. Join online communities, attend webinars, and engage in meaningful discussions on professional social networks. Often, the best opportunities come through referrals and community engagement.
• Soft Skills Matter: Communication, empathy, and leadership are often the deciding factors between two equally qualified technical candidates. Cultivate these skills as they are universally valued across all industries and seniority levels.

Additionally, research the specific company's culture and values. Tailoring your application to show how you align with their mission can significantly increase your chances of moving forward in the process.

Salary & Compensation

Salary not disclosed; typically competitive for the role.

Work Arrangement

Type: On-Site

Standard business hours at the office.

Comprehensive Application Strategy & Hiring Process

Applying for a new role is a marathon, not a sprint. Follow this strategic approach to maximize your success rate:

1. Initial Research & Tailoring

Don't send the same resume to every employer. Spend at least 30 minutes researching the company. Look for recent news, their product roadmap, and their team structure. Modify your summary and core competencies to reflect the specific keywords found in the job description.

2. The Perfect Cover Letter

If the application allows for a cover letter, use it to tell a story that your resume cannot. Explain why you are passionate about this specific company and how your unique background makes you the perfect fit for the challenges they are currently facing.

3. Navigating the Multi-Stage Interview

Most modern hiring processes involve 3-5 stages. This typically includes a recruiter screen, a technical or skill-based assessment, a peer interview, and a final leadership round. Prepare for each stage differently: focus on enthusiasm and fit for the recruiter, technical depth for the assessment, and strategic vision for the leadership round.

4. Post-Interview Follow-Up

Always send a personalized thank-you note within 24 hours of each interview. Reference a specific topic discussed during the call to demonstrate your active listening and genuine interest in the role.

By following these steps, you demonstrate a high level of professionalism and attention to detail that sets you apart from the average applicant.

Typical Interview Process

1. Resume screening
2. HR call
3. Skill interview
4. Final manager interview
5. Offer

Tip: Research the company's products and culture.

Global Market Intelligence & Relocation Insights

At JobSetuu, we specialize in helping talent navigate the global job market. Here is what you need to know about the current landscape in Global and beyond:

The demand for skilled professionals is increasingly borderless. For roles based in Global, understanding the local cost of living, visa requirements (if applicable), and cultural nuances is vital. If this is a remote role, consider the time zone alignment and the asynchronous communication culture of the hiring organization.

Relocation Support: Many forward-thinking companies offer relocation packages that include moving stipends, temporary housing, and legal assistance with work permits. When evaluating an offer, look beyond the base salary—consider the total compensation package, including equity, bonuses, and healthcare benefits.

Work-Life Balance Trends: Hybrid and remote work have become standard in many regions. Research the local labor laws and common practices regarding work hours and vacation time to ensure the role aligns with your lifestyle goals.

Leveraging JobSetuu's tools can help you compare salaries across different cities and understand the "purchasing power" of your potential offer, ensuring you make an informed decision for your long-term career path.

Skills & Competency Roadmap for Professional Development

To remain competitive in Professional Development, we recommend focusing on the following core competencies over the next 12-18 months:

• Technical Mastery: Deepen your expertise in the core tools and languages relevant to your field. For developers, this might be cloud architecture; for marketers, it might be data-driven attribution modeling.
• AI Augmentation: Learn how to leverage generative AI and automation tools to increase your productivity. Understanding how to integrate these technologies into your workflow is becoming a non-negotiable skill.
• Leadership & Strategy: Even in individual contributor roles, the ability to think strategically and lead projects from inception to completion is highly valued. Focus on stakeholder management and high-level project planning.
• Data Literacy: The ability to interpret data and use it to drive decisions is essential across all business functions. Familiarize yourself with data visualization and basic analytical concepts.

By investing in these areas, you not only prepare yourself for the role you are applying for today but also build a resilient foundation for the opportunities of tomorrow.

Apply via JobSetuu

Discover your next career milestone on JobSetuu. This Senior Security Engineer II, Application Security (Remote Eligible) position is part of our commitment to bringing you the most relevant and high-impact job openings globally. At JobSetuu, we simplify your job search by aggregating premier listings and providing the tools you need to stand out. Don't miss the chance to elevate your professional journey—explore more opportunities and career insights on our platform today.