Senior/Principal Security Engineer

Company Description

Unosquare is a full-cycle digital engineering firm specializing in providing solutions to companies in regulated and data-intensive industries. With over 15 years of experience, Unosquare helps clients accelerate their digital transformation and implement their technology roadmaps. The company combines precision, expertise, and innovation to deliver impactful software solutions. Unosquare is committed to supporting businesses in navigating complex challenges with customized, high-quality service

We are seeking a Senior or Principal Security Engineer with deep, hands-on expertise in application security platforms and incident response leadership. This role is ideal for a seasoned professional who thrives in high-stakes environments, takes ownership of critical security tooling, and leads the charge during application-layer attacks. You will be responsible for the operation, optimization, and continuous improvement of our WAF, bot defense, API security, and application testing platforms. You will also serve as the incident commander for web and application-layer security events, ensuring rapid containment, root cause analysis, and long-term remediation. The Security Engineer will also serve as the incident response lead for application-layer attacks, participate in the on-call rotation, and work primarily during Pacific Time (PT) business hours to align with our operations.

Key Responsibilities Application Security Tooling

• Own and administer Cloudflare WAF, including custom rule sets, tuning, and policy lifecycle management.
• Manage and optimize bot defense platforms (e.g., F5/Shape, Arkose Labs) to mitigate automated threats such as credential stuffing, scraping, and fraud.
• Develop, maintain, and enhance Cloudflare Worker scripts to support bot defense operations and ensure seamless integration with security controls.
• Operate and tune API security solutions (e.g., Traceable, Salt Security) for visibility, anomaly detection, and protection.
• Integrate and manage DAST/SAST platforms within CI/CD pipelines, ensuring actionable and prioritized findings.
• Continuously evaluate and improve the effectiveness of security tools with minimal business disruption.

Incident Response Leadership

• Serve as the primary incident lead for application-layer attacks, coordinating across engineering, product, and business teams.
• Participate in a 24x7 on-call rotation, with a focus on rapid detection, triage, containment, and recovery.

Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Conduct post-incident reviews, root cause analysis, and drive remediation and hardening efforts.
• Develop and maintain playbooks, runbooks, and detection logic for application-layer threats.

Qualifications Required

• 7+ years of experience in application security, DevSecOps, or security engineering roles.
• Proven experience managing WAFs, bot mitigation, and API security platforms in production environments.
• Hands-on experience with Cloudflare Workers or similar serverless edge scripting technologies.
• Strong understanding of OWASP Top 10, application-layer attack vectors, and secure SDLC practices.
• Demonstrated leadership in incident response, including real-world experience handling web application attacks.
• Excellent communication and cross-functional collaboration skills.

Preferred

• Experience with:
• Cloudflare WAF
• F5/Shape, Arkose Labs
• Traceable, Salt Security, or similar API security tools
• Veracode, Burp Suite, OWASP ZAP, or similar DAST/SAST tools

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Familiarity with CI/CD pipelines, DevOps tooling, and cloud-native architectures
• Certifications such as:
• GIAC GWAPT, GWEB, OSWE, OSCP, or CISSP
• Experience working in regulated industries (e.g., financial services, healthcare)

What Success Looks Like

• Security tools are well-tuned, low-friction, and high-impact.
• Application-layer incidents are contained quickly, with clear communication and effective remediation.
• You are seen as a trusted advisor and technical leader across security and engineering teams.

What we offer

💻 100% remote work

🌎 Open to candidates in Mexico, Colombia, Bolivia & Paraguay

💡 Clear career path and growth opportunities

🎓 Access to certifications, courses & continuous training

📍 A collaborative environment where you can grow into your next best version

📩 Interested? Apply below