Senior Security Engineer

Location: Remote or Hybrid — Lehi or St. George, UT

Reports To: Director of Security and Compliance

Mango Voice is a leading provider of cloud-based communication solutions, helping businesses of all sizes connect with their customers through innovative VoIP, SMS, and collaboration tools. We are rapidly expanding our platform and are committed to maintaining the highest standards of security and compliance as we scale.

Mango Voice is searching for an experienced, deeply hands‑on Senior Security Engineer to help drive security across our cloud infrastructure, development pipelines, and engineering organization. This is not a policy‑writing or advisory seat — you will be rolling up your sleeves every day: configuring AWS security tooling, triaging and remediating vulnerabilities, hardening our infrastructure, and actively partnering with engineers to build secure‑by‑default practices.

If you are most comfortable in a purely governance or compliance‑management role, this is not the right fit. We need someone who is equally at home at the command line and in a design review, and who takes personal ownership of the security posture of our platform.

• Operate AWS Inspector daily — actively configure and manage continuous vulnerability scanning across EC2 instances and container images, and own the remediation pipeline for findings end‑to‑end.
• Own AWS Security Hub (Security Agent) — set up and tune aggregation of findings from Guard Duty, Inspector, and others; prioritize, assign, and track resolution across engineering teams.
• Respond to security events in real time — investigate anomalies, alerts, and other incidents; contain issues and drive post‑incident reviews.
• Harden AWS infrastructure hands‑on — enforce least‑privilege IAM policies, audit security group and network configurations, and automate remediation using Config Rules, Lambda, or IaC.

• Manage Git Hub Dependabot and Security Alerts across all repositories — configure automated scanning, triage alerts by risk, build escalation workflows, and work directly with engineers to close vulnerabilities on time.
• Embed security into CI/CD — integrate tooling into Git Hub Actions pipelines so security checks are a standard part of every pull request and deployment.
• Conduct hands‑on security and secure code reviews for new features, third‑party integrations, and architectural changes, providing specific, actionable guidance to developers.

While you will not be the sole owner of our SOC 2 program, you are expected to have a solid, working familiarity with SOC 2 controls and what they require in practice. You will:

• Understand SOC 2 Trust Services Criteria well enough to advise engineering teams on control implementation and gaps.
• Contribute to evidence collection and control documentation when audits or assessments are in progress.
• Ensure that logging, monitoring access controls, and incident response practices align with SOC 2 expectations.
• Collaborate with compliance and operations stakeholders to keep security controls current and well documented.

• Partner with engineers directly — sit in architecture reviews, pull request discussions, and product planning to identify security risks early and collaboratively build fixes into the work.
• Develop and maintain security best practices that engineers can actually use — clear, practical runbooks, standards, and guidelines rather than abstract policy documents.
• Deliver developer‑focused security guidance — translate complex security concepts into actionable advice tailored to backend and infrastructure engineers.
• Mentor engineers on secure coding practices and foster a culture where security is a shared responsibility across the team.

• Experience: 5+ years of hands‑on security engineering, with a strong focus on cloud and application security in production environments.
• AWS Security — Hands‑On: Deep, practical experience operating AWS Inspector, AWS Security Hub, Guard Duty, IAM, Cloud Trail, and Config. You have…