Software Engineer II, FedRamp

For over 20 years, Smartsheet has helped people and teams achieve–well, anything. From seamless work management to smart, scalable solutions, we’ve always worked with flow. We’re building tools that empower teams to automate the manual, uncover insights, and scale smarter. But more than that, we’re creating space– space to think big, take action, and unlock the kind of work that truly matters. Because when challenge meets purpose, and passion turns into progress, that’s magic at work, and it’s what we show up for everyday.

Automation is the key to creating highly reliable and secure large-scale software systems. Are you ready to launch your career by engineering solutions rather than simply fixing problems?

We are looking for a Software Engineer II to join our global Secure Platform Operations team. This is a unique opportunity for an early-career engineer to work at the intersection of infrastructure, automation, and security. You will be mentored by senior leaders to help build a platform that is resilient and secure by design.

In this role, you will learn to treat security and reliability as software engineering challenges. You will grow into a key contributor who ensures our production environment is scalable, defensible, and highly reliable.

What You Will Do

• Lead architecture interviews with stakeholders to ensure all critical control areas throughout the architecture are designed to meet FedRamp program requirements.
• Develop architecture briefing documents to inform the Government FedRAMP program manager and internal stakeholders with FedRAMP program requirements, technical capabilities, and any concerns noted from the material review
• Support Continuous Monitoring activities including but not limited to items such as reviewing annual package submissions, reviewing and scoping significant change proposals, reviewing risk acceptance documents, etc.
• Interpret FedRAMP and other agency requirements and provide internal teams guidance regarding expectations, technical requirements, and processes.
• Stay informed of updated FedRAMP guidance, industry best practices, emerging technologies, and Government cybersecurity directives, and provide recommendations to internal stakeholders regarding impacts.
• Learn and Build Secure Infrastructure: Under the guidance of senior engineers, you will assist in designing and maintaining secure infrastructure in our multi-cloud environment (AWS) using Infrastructure as Code (Terraform).
• Automate Security & Workflows: You will write code (Python, Go, or Bash) to automate manual tasks, threat detection, and vulnerability management processes.
• Secure the Pipeline: You will help integrate security tools (SAST, DAST, SCA) into our CI/CD pipelines, ensuring developers receive fast, actionable feedback on their code.
• Support Container Operations: You will gain hands-on experience managing and securing our container orchestration platform (Kubernetes/EKS) and self-hosted GitLab Runners.
• Collaborate and Grow: You will participate in code reviews, technical discussions, and blameless post-mortems to learn operational excellence and security best practices.

What You Have:

• US Person Status: Must be a U.S. Citizen, U.S. National to meet federal compliance requirements.
• Education: A BS or MS in Computer Science, Engineering, or a related field (or equivalent capability).
• Security: 3+ years of experience in IT Security, with at least two years of hands-on technical experience as a System Architect or Security Engineer.
• FedRAMP: Two years of experience supporting FedRAMP programs, including familiarity with continuous monitoring, package reviews or significant change processes.
• Foundational Coding Skills: Proficiency in at least one modern programming or scripting language, such as Python, Java, or Bash with a willingness to expand that skillset.
• Cloud Foundation: Working knowledge of cloud concepts (AWS preferred) with a preferred experience in Infrastructure as Code (Terraform).
• Security Mindset: Solid understanding of security concepts (e.g., OWASP Top 10), with a strong interest in the cybersecurity landscape.
• Problem Solving: A critical thinker who enjoys troubleshooting complex technical problems methodically, asks good questions, and knows when to dig in independently versus bringing others in.
• Communication: Excellent verbal and written communication skills and a collaborative spirit. Able to explain technical concepts to both engineering peers and non-technical stakeholders.

Nice to Have

• Hands-on experience in DevOps, SRE, or Software Engineering.
• Experience with Linux/Unix command line.
• Practical exposure to Docker, Kubernetes, or CI/CD pipelines (GitLab or GitHub).
• Familiar with core networking concepts (HTTP, DNS, TCP/IP).