ForgeApply
Try it free

ForgeApply · Job listing

Senior Security Engineer I – GRC FedRAMP (Remote Eligible)

Smartsheet

Remote · -REMOTE, USA-, US

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

For over 20 years, Smartsheet has empowered teams to manage work seamlessly and scale solutions smarter. Now, in our most ambitious chapter yet, we are uniting human teams with AI agents. By orchestrating the work agents do best, automating manual tasks and uncovering insights at scale, we create the space for people to focus on what truly matters: judgment, creativity, and big thinking. That is magic at work, and it’s what we show up for every day.

FedRAMP and GovRAMP (formerly StateRAMP) are transforming how Smartsheet serves government and regulated customers. We need a FedRAMP and GovRAMP subject matter expert to lead these programs—someone with real hands-on experience obtaining and maintaining ATO authorizations, navigating 3PAO assessments, and managing continuous monitoring requirements. In this role, you'll own Smartsheet's FedRAMP and GovRAMP certifications, manage relationships with our 3PAOs, drive annual assessment preparation, manage POA&M processes, and ensure we maintain authorizations at the highest level. You'll understand the nuances of federal compliance, speak fluently with government agencies and authorized assessors, and translate complex regulatory requirements into clear roadmaps for engineering and operations teams. You'll be the voice of federal compliance at Smartsheet and the trusted advisor to government customers on our security posture.

You Will:

• Own FedRAMP and GovRAMP (formerly StateRAMP) certifications and roadmaps: Lead the overall strategy for obtaining and maintaining federal authorizations, including package management, compliance timelines, and authority coordination.

• Manage 3PAO relationships and assessments: Work with accredited third-party assessment organizations to conduct initial assessments and annual re-assessments. Coordinate scoping, evidence preparation, testing coordination, and results validation.

• Lead continuous monitoring (ConMon) execution: Oversee the delivery of monthly, annual, and event-driven FedRAMP deliverables including vulnerability scans, penetration testing, system security plan updates, and compliance reporting.

• Manage Plans of Action and Milestones (POA&M) processes: Own the identification, prioritization, tracking, and remediation of findings. Ensure timely closure of Critical (30 days), High (30 days), and Moderate (90 days) findings while coordinating with engineering and security teams.

• Coordinate significant change requests and system modifications: Work with product and engineering to document, scope, assess, and obtain agency approval for system changes that impact security controls or compliance posture.

• Engage with authorizing officials and federal agencies: Build and maintain relationships with government sponsors, CIOs, and agency decision-makers. Provide regular status updates, respond to questions, and demonstrate authorization compliance.

• Prepare comprehensive assessment packages: Lead the development of System Security Plans (SSP), Security Assessment Plans (SAP), risk exposure tables, and supporting documentation required for audits.

• Drive compliance automation and efficiency: Identify opportunities to automate evidence collection, simplify reporting, and reduce manual effort while maintaining rigor and auditability.

You Have:

• 5+ years of hands-on experience with FedRAMP and/or GovRAMP (StateRAMP) programs, including direct involvement in obtaining and maintaining ATOs.

• Proven experience working with accredited 3PAOs: You've coordinated initial assessments, managed annual re-assessments, provided evidence packages, and worked through test results and findings.

• A degree in Computer Science, Computer Engineering, Cybersecurity or a related field or equivalent practical experience.

• Deep understanding of FedRAMP continuous monitoring requirements: Comprehensive knowledge of monthly deliverables, annual assessment cycles, POA&M management, vulnerability scan and penetration test requirements, and compliance reporting cadences.

• Strong NIST 800-53 control knowledge: Fluency with control baselines, supplemental overlays (ITAR, CJIS, HIPAA, etc.), impact level determination, and control selection for various system types.

• Project management and stakeholder coordination skills: Experience managing complex, multi-month compliance programs with multiple dependencies, stakeholders, and tight deadlines.

• Technical foundation in cloud security and compliance: Working knowledge of AWS/GCP/Azure, cloud security controls, identity and access management, encryption, logging, and incident response—sufficient to understand system architecture and control implementations.

• Excellent documentation and communication skills: Ability to write clear System Security Plans, coordinate across multiple stakeholders, and translate technical and compliance concepts for government audiences.

• Understanding of federal procurement and contracting: Familiarity with how government agencies acquire and authorize cloud services, and the role of compliance in federal GTM.

• US Person Status: Must be a U.S. Citizen, U.S. National to meet federal compliance requirements.

Nice to Have:

• Professional certifications: CISSP, CISM, CISA, CRISC, or FedRAMP-specific credentials.

• Experience with multiple impact levels: IL2 (Low), IL4 (Moderate), IL6 (High) systems and their specific requirements.

• Background in government contracting, DoD CMMC, or other federal compliance frameworks.

• Experience with SaaS FedRAMP authorization, particularly multi-tenant systems and JAB vs. Agency ATO pathways.

Current US Perks & Benefits:

• Employer subsidized medical/vision and dental coverage for full-time employees

• 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)

• Monthly stipend to support your work and productivity

• Flexible Time Away Program, plus Sick Time Off

• US employees are automatically covered under Smartsheet-sponsored life

Ready to apply to Smartsheet?

Apply in about a minute

Similar jobs

More like this: Security & Cybersecurity Jobs · Remote Security & Cybersecurity Jobs · More jobs at Smartsheet · Browse all jobs