• Serve as the technical liaison between the organization and Managed Security Service Providers (MSSPs) • Review and validate security alerts, investigations, and incident reports • Collaborate with other internal teams • Work in an on-call environment, on a weekly rotational schedule

• Lead end-to-end execution of internal and external audits (SOC 1, SOC 2, PCI DSS). • Act as the primary point of contact for auditors. • Establish and improve audit readiness processes. • Drive tracking and remediation of audit findings. • Partner with the Security Compliance Manager to shape and mature the global compliance program. • Contribute to the design and improvement of control frameworks. • Identify opportunities to improve efficiency and effectiveness across compliance and audit processes. • Support development and refinement of security policies, standards, and guidance. • Contribute to compliance awareness and training initiatives. • Ensure policies are actionable, testable, and aligned to real-world controls. • Define and track key compliance and audit metrics. • Mentor and support junior compliance specialists.

Role Description The Senior Application Security Engineer is a highly technical, engineering-driven role within NinjaOne’s Information Security organization. This position focuses on embedding security into the software development lifecycle by working directly with development, platform, and product teams from design through deployment. - Build and maintain internal application security tooling. - Design scalable security automation. - Write production-quality code to address security challenges at scale. - Help define application security architecture standards. - Integrate security-by-design controls into CI/CD pipelines. - Leverage AI/LLM-based workflows to improve signal quality, reduce manual effort, and accelerate secure development practices. Qualifications - Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent practical experience). - 3+ years of experience in Application Security, DevSecOps, or Software Engineering with a strong security focus. - 5+ years in cybersecurity-related roles. - Proficiency in Golang and Python (required); Node.js/React experience is a plus. - Proven ability to break down complex systems to identify logic, performance, and design performance issues to scale up the software. - Strong AWS experience and familiarity with modern software delivery practices such as Infrastructure as Code, containers, and service-oriented architectures. - Broad systems knowledge across Linux, Windows, macOS, and networking fundamentals (TCP/IP, secure network design). - Solid understanding of application security fundamentals, including authentication, authorization, cryptography, secure communications, and common vulnerability classes. - Ability to analyze complex systems, identify scalability and security risks, and communicate effectively with engineers and leadership. Requirements - English resumes required. - Location: Brazil, Ecuador, Colombia, Mexico (LATAM). Benefits - Flexible working hours with home office options. - Opportunity to grow personally and together with one of the fastest growing companies globally. - Access to a renowned training platform for skill development. - Competitive compensation. - Collaboration with an amazing international workforce. Company Description NinjaOne automates the hardest parts of IT to deliver visibility, security, and control over all endpoints for more than 30,000 customers. The NinjaOne automated endpoint management platform is proven to increase productivity, reduce security risk, and lower costs for IT teams and managed service providers. - NinjaOne is obsessed with customer success and provides free and unlimited onboarding, training, and support. - NinjaOne is #1 on G2 in endpoint management, patch management, remote monitoring and management, and mobile device management.

• Operate and maintain cloud security tools to monitor, detect, and respond to security risks across cloud environments. • Maintain documentation for cloud security tools processes, procedures, and operational playbooks. • Participate in incident response activities and post‑incident reviews related to cloud environments. • Write automation for data collection from various tools to generate comprehensive Cloud Security KPI metrics reporting.