• Lead end-to-end execution of internal and external audits (SOC 1, SOC 2, PCI DSS). • Act as the primary point of contact for auditors. • Establish and improve audit readiness processes. • Drive tracking and remediation of audit findings. • Partner with the Security Compliance Manager to shape and mature the global compliance program. • Contribute to the design and improvement of control frameworks. • Identify opportunities to improve efficiency and effectiveness across compliance and audit processes. • Support development and refinement of security policies, standards, and guidance. • Contribute to compliance awareness and training initiatives. • Ensure policies are actionable, testable, and aligned to real-world controls. • Define and track key compliance and audit metrics. • Mentor and support junior compliance specialists.

Role Description The Senior Application Security Engineer is a highly technical, engineering-driven role within NinjaOne’s Information Security organization. This position focuses on embedding security into the software development lifecycle by working directly with development, platform, and product teams from design through deployment. - Build and maintain internal application security tooling. - Design scalable security automation. - Write production-quality code to address security challenges at scale. - Help define application security architecture standards. - Integrate security-by-design controls into CI/CD pipelines. - Leverage AI/LLM-based workflows to improve signal quality, reduce manual effort, and accelerate secure development practices. Qualifications - Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent practical experience). - 3+ years of experience in Application Security, DevSecOps, or Software Engineering with a strong security focus. - 5+ years in cybersecurity-related roles. - Proficiency in Golang and Python (required); Node.js/React experience is a plus. - Proven ability to break down complex systems to identify logic, performance, and design performance issues to scale up the software. - Strong AWS experience and familiarity with modern software delivery practices such as Infrastructure as Code, containers, and service-oriented architectures. - Broad systems knowledge across Linux, Windows, macOS, and networking fundamentals (TCP/IP, secure network design). - Solid understanding of application security fundamentals, including authentication, authorization, cryptography, secure communications, and common vulnerability classes. - Ability to analyze complex systems, identify scalability and security risks, and communicate effectively with engineers and leadership. Requirements - English resumes required. - Location: Brazil, Ecuador, Colombia, Mexico (LATAM). Benefits - Flexible working hours with home office options. - Opportunity to grow personally and together with one of the fastest growing companies globally. - Access to a renowned training platform for skill development. - Competitive compensation. - Collaboration with an amazing international workforce. Company Description NinjaOne automates the hardest parts of IT to deliver visibility, security, and control over all endpoints for more than 30,000 customers. The NinjaOne automated endpoint management platform is proven to increase productivity, reduce security risk, and lower costs for IT teams and managed service providers. - NinjaOne is obsessed with customer success and provides free and unlimited onboarding, training, and support. - NinjaOne is #1 on G2 in endpoint management, patch management, remote monitoring and management, and mobile device management.

• Operate and maintain cloud security tools to monitor, detect, and respond to security risks across cloud environments. • Maintain documentation for cloud security tools processes, procedures, and operational playbooks. • Participate in incident response activities and post‑incident reviews related to cloud environments. • Write automation for data collection from various tools to generate comprehensive Cloud Security KPI metrics reporting.

• Actively participate in the Identity Field Center of Excellence to deliver value to clients by aligning Optiv services with our key technology partner solutions (SailPoint, Saviynt, Ping, Okta, Cisco, CyberArk, BeyondTrust, and Delinea) • Maintain advanced knowledge of the client’s security environment, business operations, security needs, and risk appetite • Identify their security concerns and how they correlate to Optiv’s strategic solutions across the assigned domain and holistic cybersecurity programs • Identify cross-sell and upsell opportunities across clients and Optiv's partner relationships • Qualify leads and partner with internal colleagues to determine scope, proposal management, and follow through to closure • Participate in sales opportunities across Optiv's entire portfolio • Clearly articulate how the necessary elements of the Optiv technology and services portfolio meet the specific needs of client stakeholders at a senior leadership level • Drive the generation services and technologies business to meet or exceed quarterly and annual quota objectives in partnership with the account and domain teams • Stay abreast of industry trends, news, and maintain a broad understanding of the security landscape to facilitate thought leadership, support, analysis, and guidance to clients and internal Optiv groups • Collaborate with service delivery to ensure the team has necessary supporting domain specialty materials that present a consistent and comprehensive approach • Effectively work with multiple client personas across the security leadership team, as well as other relevant personas to develop security strategy and define roadmaps to execute on security strategy aligned business goals, budgetary spend, and metrics based on return of investment • Maintain advisory relationships with key stakeholders at clients by facilitating thought leadership, support, information, and guidance in conjunction with sales partners • Identify and drive complete security programs to meet client objectives across technology and services including; driving new discussions by leveraging peer and industry network contacts performing requirements gathering analysis, and technology selection criteria coordinating demonstrations and security technology evaluations drive cross organizational solutions leveraging Optiv's portfolio • Interface and partner with internal Optiv teams, particularly service delivery liaisons, to align client expectations with the entire Optiv solution portfolio to ensure service delivery excellence and client satisfaction • Identify new and emerging technologies for internal enablement and exposure to clients • Promote Optiv’s portfolio and security awareness at speaking events, partner events, and leveraging social media • Build a reputation as trusted advisor with clients, partners, peers and cyber community resulting in an influential network of contacts • Listen for client feedback and continually share with internal teams to evaluate and cultivate continuous improvement • Participate in account planning, forecasting, and pipeline management activities • Participate in managing and prioritizing the proposal process to create business proposals, contracts, and respond to RFI/RFP’s • Actively pursue personal development by maintaining and obtaining technical capabilities, soft skills, and security-specific knowledge through formal education, certification, and other avenues • Advance sales techniques; makes connections, facilitates meetings, reads the room, asks probing questions, overcomes objections, gains trust, maintains composure under pressure, positions solutions, and assist in finalization of sale