Sr Security Engineer
Sonatafy Technology, headquartered in Scottsdale, Arizona, is an award-winning nearshore software development company with a strong reputation. They have a dedicated in-house team of engineers, offering end-to-end software solutions and supporting client development staff augmentation. Catering to companies of all sizes and industries, including some of the world's largest brands, Sonatafy Technology is a trusted provider of nearshore enterprise-level cloud and mobile application software development services.

We are hiring our first Senior Security Engineer to help build and mature our security program across our platform and internal systems.

This is a hands-on security engineering role focused on strengthening application security, improving threat detection, and implementing key security controls across our cloud environment.

You will work closely with engineering leadership to ensure security is embedded into product development while helping define the company’s long-term security architecture.

This role is ideal for someone who enjoys building security practices in a growing engineering organization and having a direct impact on the security posture of a product.

What You’ll Do

Application & Platform Security
- Conduct security reviews and threat modeling for new product features
- Partner with engineering teams to embed secure development practices
- Improve vulnerability management and security scanning processes
- Help integrate security tools such as SAST and dependency scanning

Security Operations & Threat Detection
- Manage and tune our Web Application Firewall (WAF)
- Monitor logs and alerts to identify suspicious activity
- Investigate and respond to security incidents
- Improve detection, logging, and alerting across our platform

Identity & Access Management
- Drive implementation of SSO and centralized identity management
- Design and enforce least-privilege access controls
- Establish RBAC policies and support access review processes

Security Strategy & Program Development
- Help define the company’s security roadmap
- Establish measurable security KPIs and reporting
- Evaluate and recommend security tools and controls
- Collaborate with leadership on security and privacy considerations
- Support security best practices across engineering and infrastructure
- Lead MDM implementation (Jamf, Kandji, Intune, or similar)

Ad-hoc IT Management
- Support day-to-day security tooling maintenance (i.e., peripheral provisioning, CI/CD pipelines, SSO provisioning).

Required Skills
- 5+ years of experience in Security Engineering, SecOps, AppSec, or DevSecOps
- Strong experience securing AWS cloud environments
- Experience implementing and managing AWS-native security services (IAM, GuardDuty, Security Hub, CloudTrail, CloudWatch, Detective, Inspector, KMS, Secrets Manager, Certificate Manager)
- Strong knowledge of web application security (OWASP Top 10)
- Experience managing Web Application Firewalls (WAF)
- Experience with security monitoring, incident response, and threat detection
- Experience conducting application security reviews and threat modeling
- Familiarity with identity and access management (SSO, RBAC, MFA)
- Ability to integrate security tooling into engineering and CI/CD workflows

Nice to Have Skills
- Experience building or scaling security programs
- Experience in consumer-facing or high-traffic platforms
- Experience supporting SOC 2, ISO 27001, or similar frameworks
- Familiarity with GDPR or privacy-related security requirements
- Experience with scripting or automation (Python, Bash, Go, etc.)

Why Work with Sonatafy?

At Sonatafy, you'll join a community of highly skilled engineers across Latin America supporting innovative U.S.-based teams. You’ll be part of a fast-moving, client-first culture where your code has real-world impact. We offer competitive compensation, a remote-first lifestyle, and career growth opportunities across industries and technologies.

If you have reached this point and feel you are our ideal candidate, it’s time for you to apply!
To apply, please submit your resume in English.

Recruitment Scam Notice: Sonatafy recruitment communications will only come from @sonatafy.com email addresses. We do not request fees, sensitive financial information, or conduct hiring solely through online forms without interviews. If you receive a suspicious message, contact us at careers@sonatafy.com.

Official Job Posting Notice: All legitimate Sonatafy job openings are published exclusively on our official LinkedIn page and our careers website at sonatafy.com/careers. If you found this or any other Sonatafy job posting on a third-party platform, job board, or any other external site, please be aware that those listings are not authorized or monitored by us and are very likely a scam. Do not share personal information, pay any fees, or proceed with any process initiated through unofficial channels. When in doubt, visit our official careers page or reach out directly at careers@sonatafy.com.