Senior Security Engineer
Mango Voice

Location: Remote or Hybrid — Lehi or St. George, UT
Department: Engineering
Reports To: Director of Security and Compliance

About Mango Voice

Mango Voice is a leading provider of cloud-based communication solutions, helping businesses of all sizes connect with their customers through innovative VoIP, SMS, and collaboration tools. We are rapidly expanding our platform and are committed to maintaining the highest standards of security and compliance as we scale.

The Role

Mango Voice is searching for an experienced, deeply hands-on Senior Security Engineer to help drive security across our cloud infrastructure, development pipelines, and engineering organization. This is not a policy-writing or advisory seat — you will be rolling up your sleeves every day: configuring AWS security tooling, triaging and remediating vulnerabilities, hardening our infrastructure, and actively partnering with engineers to build secure-by-default practices.

If you are most comfortable in a purely governance or compliance-management role, this is not the right fit.
We need someone who is equally at home at the command line and in a design review, and who takes personal ownership of the security posture of our platform.

Key Responsibilities

Hands-On AWS Security Operations

- Operate AWS Inspector daily — actively configure and manage continuous vulnerability scanning across EC2 instances and container images, and own the remediation pipeline for findings end-to-end.
- Own AWS Security Hub (Security Agent) — set up and tune aggregation of findings from GuardDuty, Inspector, and others; prioritize, assign, and track resolution across engineering teams.
- Respond to security events in real time — investigate anomalies, alerts, and other incidents; contain issues and drive post-incident reviews.
- Harden AWS infrastructure hands-on — enforce least-privilege IAM policies, audit security group and network configurations, and automate remediation using Config Rules, Lambda, or IaC.

Application & Supply Chain Security

- Manage GitHub Dependabot and Security Alerts across all repositories — configure automated scanning, triage alerts by risk, build escalation workflows, and work directly with engineers to close vulnerabilities on time.
- Embed security into CI/CD — integrate tooling into GitHub Actions pipelines so security checks are a standard part of every pull request and deployment.
- Conduct hands-on security and secure code reviews for new features, third-party integrations, and architectural changes, providing specific, actionable guidance to developers.

SOC 2 Familiarity & Compliance Support

While you will not be the sole owner of our SOC 2 program, you are expected to have a solid, working familiarity with SOC 2 controls and what they require in practice.
You will:

- Understand SOC 2 Trust Services Criteria well enough to advise engineering teams on control implementation and gaps.
- Contribute to evidence collection and control documentation when audits or assessments are in progress.
- Ensure that logging, monitoring, access controls, and incident response practices align with SOC 2 expectations.
- Collaborate with compliance and operations stakeholders to keep security controls current and well-documented.

Engineering Collaboration & Best Practices

- Partner with engineers directly — sit in architecture reviews, pull request discussions, and product planning to identify security risks early and collaboratively build fixes into the work.
- Develop and maintain security best practices that engineers can actually use — clear, practical runbooks, standards, and guidelines rather than abstract policy documents.
- Deliver developer-focused security guidance — translate complex security concepts into actionable advice tailored to backend and infrastructure engineers.
- Mentor engineers on secure coding practices and foster a culture where security is a shared responsibility across the team.

Required Qualifications

- Experience: 5+ years of hands-on security engineering, with a strong focus on cloud and application security in production environments.
- AWS Security — Hands-On: Deep, practical experience operating AWS Inspector, AWS Security Hub, GuardDuty, IAM, CloudTrail, and Config.
You have configured and tuned these services yourself, not just reviewed dashboards.
- GitHub Security Tooling: Direct experience managing GitHub Dependabot and Security Alerts across multiple repositories, including building triage and remediation workflows with engineering teams.
- Vulnerability Management Ownership: A track record of not just finding vulnerabilities but driving them to closure — managing remediation backlogs, working across teams, and tracking metrics.
- SOC 2 Familiarity: Working knowledge of SOC 2 Trust Services Criteria and how controls map to real engineering and infrastructure practices. Hands-on SOC 2 experience (as an implementer, not just an observer) is strongly preferred.
- Cloud Architecture: Strong understanding of AWS networking, security boundaries, IAM, and multi-account structures.
- Collaboration: Proven ability to work directly and effectively with software engineers — influencing without authority, giving actionable code-level guidance, and building trust with technical peers.
- Communication: Excellent written and verbal communication; able to explain security risk clearly to both engineers and non-technical stakeholders.

Preferred Qualifications

- Certifications: AWS Security Specialty, CISSP, CISM, or equivalent.
- Scripting & Automation: Python or similar for automating security tasks; experience with security reviews and automation.
- CI/CD Security: Hands-on experience embedding SAST, DAST, and SCA tooling into GitHub Actions or similar pipelines.
- Penetration Testing: Practical experience conducting or coordinating application or infrastructure penetration tests.
- Additional Frameworks: Familiarity with HIPAA or other compliance frameworks relevant to SaaS or healthcare.
- Industry Experience: Background in SaaS, telecommunications, or healthcare environments.
- VoIP/Communications Security: Understanding of security considerations in VoIP, SIP, or real-time communications platforms is a plus.

Mango Voice is an equal opportunity employer.
We celebrate diversity and are committed to creating an inclusive environment for all employees. We are unable to provide employment visa sponsorship at this time. Applicants must be authorized to work in the United States without current or future sponsorship requirements.