Listing Description

Cyber Security is an integral part of Smartsheet’s corporate culture. At Smartsheet, we believe that it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Cyber Security has a significant effect on privacy, consumer trust, external reputation, and it is a priority on every team's agenda.

In this critical role, you will be responsible for SecOps capability that detects and responds to a variety of security incidents on a global scale. You will perform the hands-on role of a security analyst and have the opportunity to enhance the overall security incident response experience of the organization. 

In 2005, Smartsheet was founded on the idea that teams and millions of people worldwide deserve a better way to deliver their very best work. Today, we deliver a leading cloud-based platform for work execution, empowering organizations to plan, capture, track, automate, and report on work at scale, resulting in more efficient processes and better business outcomes.

You will be based in our San Jose, Costa Rica office and report to the Senior Manager, Security Engineering. 

You Will:

• Manage Identification, prioritization, and remediation of security incidents.


• Be part of the security incident response team responsible for planning, design, implementation, attack mitigation and ongoing support of security events and incidents of high complexity to fulfill the business needs.


• Perform hands-on investigation of complex security incidents with the help of subject matter experts from different business units to protect organization.


• Provide technical deep understanding of managing and coordinating security incidents, conducting lessons learned (PIR), mitigating cyber risks and improving security controls.


• Work with all interfacing teams to define and baseline the security incident detection and response while meeting established SLAs.


• Coordinate among SecOps analysts, other security experts and managed service providers in support of global security incident response activities.


• Provide direction in the innovation of bleeding-edge security technologies and utilizing a risk-based approach to properly test and introduce them into the overall environment.


• Be passionate in the pursuit of securing Smartsheet’s data and critical assets.


• Effectively manage cross-functional internal and external team collaboration, and communications.


• Respond to and assist with due diligence and internal / external security audit requests.


• Identify opportunities for further enhancements and refinements to security standards and processes.


• Manage customer and internal stakeholder communications during security incidents.


• Coordinating people and processes during troubleshooting and corrective activities.


• Assessing and confirming customer impact during security incidents.


• Addressing questions and concerns from internal and external stakeholders.


• Maintaining security incident timeline while working with managed service providers.


• Be part of rotational on-call support.

You Have:

• Bachelor’s degree in engineering, computer science, information security, or information systems from Tier-I University / College or equivalent experience.


• Strong experience in SaaS, AWS, GCP and Azure cloud security.


• Must have at least 5+ years of total experience in the field of cyber security and specifically in SecOps.


• At least 5+ years of experience in security incident response or security analyst role, which includes collaboration with security experts, managing detection and response goals.


• Experience working on major security incidents while working with various security vendors and internal stakeholders.


• Prior experience in implementing and or supporting 24x7 operations.


• Ability to handle multiple competing priorities in a fast-paced environment.


• Experience demonstrating strong technical IR acumen, self-motivation and accountability.


• Experience on leading complex security incidents cross-functionally and globally.


• Excellent communication skills and Excellent team player.


• Experienced in NIST framework and MITRE attack framework.


• Relevant certification such as CISSP, SANS GPEN, SANS GXPN, SANS GIAC, SANS GREM, Splunk Certification etc.


• OSCP (Offensive Security Certified Professional) is a Plus.


• Expertise in Log aggregation, Correlation and alerting using commercial and Open Source tools


• Experience with SIEM solutions like Splunk, Sumologic, ELK, etc.


• Required knowledge of open source and commercial application security tools and frameworks.


• Understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms.

Perks & Benefits:

• Fully paid Health & Life insurance for full-time employees and family members.


• Monthly stipend to support your work and productivity.


• 12 days paid Vacation + Flexible Time Away Program.


• 20 weeks fully paid Maternity Leave.


• 12 weeks fully paid Paternity/Adoption Leave.


• Personal paid Volunteer Day to support our community.


• Opportunities for professional growth and development including access to LinkedIn Learning online courses.


• Company Funded Perks including a counseling membership and your own personal Smartsheet account.


• Teleworking options from any registered location in Costa Rica (role specific).

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Australia, Costa Rica, and Germany. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

At Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members who also represent the diverse needs of our customers. We're looking for people who are driven, authentic, supportive, effective, and honest. You're encouraged to apply even if your experience doesn't precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we welcome diverse perspectives and people who aren't afraid to be innovative—join us!