Senior Security Engineer I – GRC FedRAMP (Remote Eligible)
Quick Summary
For over 20 years, Smartsheet has empowered teams to manage work seamlessly and scale solutions smarter. Now, in our most ambitious chapter yet, we are uniting human teams with AI agents.
For over 20 years, Smartsheet has empowered teams to manage work seamlessly and scale solutions smarter. Now, in our most ambitious chapter yet, we are uniting human teams with AI agents. By orchestrating the work agents do best, automating manual tasks and uncovering insights at scale, we create the space for people to focus on what truly matters: judgment, creativity, and big thinking. That is magic at work, and it’s what we show up for every day.
FedRAMP and GovRAMP (formerly StateRAMP) are transforming how Smartsheet serves government and regulated customers. We need a FedRAMP and GovRAMP subject matter expert to lead these programs—someone with real hands-on experience obtaining and maintaining ATO authorizations, navigating 3PAO assessments, and managing continuous monitoring requirements. In this role, you'll own Smartsheet's FedRAMP and GovRAMP certifications, manage relationships with our 3PAOs, drive annual assessment preparation, manage POA&M processes, and ensure we maintain authorizations at the highest level. You'll understand the nuances of federal compliance, speak fluently with government agencies and authorized assessors, and translate complex regulatory requirements into clear roadmaps for engineering and operations teams. You'll be the voice of federal compliance at Smartsheet and the trusted advisor to government customers on our security posture.
- Own FedRAMP and GovRAMP (formerly StateRAMP) certifications and roadmaps: Lead the overall strategy for obtaining and maintaining federal authorizations, including package management, compliance timelines, and authority coordination.
- Manage 3PAO relationships and assessments: Work with accredited third-party assessment organizations to conduct initial assessments and annual re-assessments. Coordinate scoping, evidence preparation, testing coordination, and results validation.
- Lead continuous monitoring (ConMon) execution: Oversee the delivery of monthly, annual, and event-driven FedRAMP deliverables including vulnerability scans, penetration testing, system security plan updates, and compliance reporting.
- Manage Plans of Action and Milestones (POA&M) processes: Own the identification, prioritization, tracking, and remediation of findings. Ensure timely closure of Critical (30 days), High (30 days), and Moderate (90 days) findings while coordinating with engineering and security teams.
- Coordinate significant change requests and system modifications: Work with product and engineering to document, scope, assess, and obtain agency approval for system changes that impact security controls or compliance posture.
- Engage with authorizing officials and federal agencies: Build and maintain relationships with government sponsors, CIOs, and agency decision-makers. Provide regular status updates, respond to questions, and demonstrate authorization compliance.
- Prepare comprehensive assessment packages: Lead the development of System Security Plans (SSP), Security Assessment Plans (SAP), risk exposure tables, and supporting documentation required for audits.
- Drive compliance automation and efficiency: Identify opportunities to automate evidence collection, simplify reporting, and reduce manual effort while maintaining rigor and auditability.
- 5+ years of hands-on experience with FedRAMP and/or GovRAMP (StateRAMP) programs, including direct involvement in obtaining and maintaining ATOs.
- Proven experience working with accredited 3PAOs: You've coordinated initial assessments, managed annual re-assessments, provided evidence packages, and worked through test results and findings.
- A degree in Computer Science, Computer Engineering, Cybersecurity or a related field or equivalent practical experience.
- Deep understanding of FedRAMP continuous monitoring requirements: Comprehensive knowledge of monthly deliverables, annual assessment cycles, POA&M management, vulnerability scan and penetration test requirements, and compliance reporting cadences.
- Strong NIST 800-53 control knowledge: Fluency with control baselines, supplemental overlays (ITAR, CJIS, HIPAA, etc.), impact level determination, and control selection for various system types.
- Project management and stakeholder coordination skills: Experience managing complex, multi-month compliance programs with multiple dependencies, stakeholders, and tight deadlines.
- Technical foundation in cloud security and compliance: Working knowledge of AWS/GCP/Azure, cloud security controls, identity and access management, encryption, logging, and incident response—sufficient to understand system architecture and control implementations.
- Excellent documentation and communication skills: Ability to write clear System Security Plans, coordinate across multiple stakeholders, and translate technical and compliance concepts for government audiences.
- Understanding of federal procurement and contracting: Familiarity with how government agencies acquire and authorize cloud services, and the role of compliance in federal GTM.
- US Person Status: Must be a U.S. Citizen, U.S. National to meet federal compliance requirements.
Nice to Have
~1 min read- Professional certifications: CISSP, CISM, CISA, CRISC, or FedRAMP-specific credentials.
- Experience with multiple impact levels: IL2 (Low), IL4 (Moderate), IL6 (High) systems and their specific requirements.
- Background in government contracting, DoD CMMC, or other federal compliance frameworks.
- Experience with SaaS FedRAMP authorization, particularly multi-tenant systems and JAB vs. Agency ATO pathways.
What We Offer
~1 min readAt Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You’ll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you’re doing work that stretches you, excites you, and connects you to something bigger, that’s magic at work. Let’s build what’s next, together.
Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, India, and Singapore. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
#LI-Remote
Location & Eligibility
Listing Details
- Posted
- July 16, 2026
- First seen
- July 16, 2026
- Last seen
- July 16, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 87%
- Scored at
- July 16, 2026
Signal breakdown

The foundation for managing projects, programs, and processes that scale.
View company profilePlease let Smartsheet know you found this job on Jobera.
3 other jobs at Smartsheet
View all →Explore open roles at Smartsheet.
Similar Security Engineer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.