
Vivid · Remote
ABOUT THE ROLE We’re looking for a Security Engineer to own and improve the security of our internal environment — the identities, SaaS apps, endpoints, AI too...
We’re looking for a Security Engineer to own and improve the security of our internal environment — the identities, SaaS apps,
endpoints, AI tooling, and networks our employees use every day. This is a hands-on senior role: we expect you to design controls,
find the gaps, and drive the changes that close them — and to build the automation that makes it scale.
We’re an EMI-licensed fintech in a fully cloud-native AWS environment, we use AI heavily, and we’re growing fast. We need someone
who can lead technical initiatives independently, influence our security architecture, challenge approaches that no longer fit,
and explain it clearly to engineers and leadership.
Detection & Response (SIEM) — our top priority
positives.
issues back into preventive controls.
Identity, Access & SaaS
AWS, and internal tools — scope, evidence, follow-through on revocations.
access work in practice.
Endpoint, Email & Phishing Defense
requirements (disk encryption, EDR present, OS version) with automated remediation.
awareness, acting on the results.
Automation & Ownership
provider (Okta, Entra ID, Google Workspace), access recertification, and least-privilege / PAM.
assistants and agents, and a working risk framework for adopting new ones. You've done this for real, not from a vendor pitch
deck.
Enhance your expertise and shape the future of FinTech. Join Vivid's talented team and help us revolutionize how businesses think
about their finances!
Final compensation is determined individually, based on your experience, skills and the scope of the role, assessed against
objective, gender-neutral criteria.
At Vivid, we're on a mission to change how businesses and individuals manage their money across Europe. For businesses, we build
tools that actually make a difference: multi-IBAN accounts, high-yield savings, business cashback, team cards, and accounting
integrations that save real time — all in one place. And for individuals, we offer a simple way to manage and grow your wealth:
access to global stocks, ETFs and 150+ cryptocurrencies, cashback, and personalised financial insights.
Our mission? Your success. Everyone deserves the chance to see their finances flourish, and we're dedicated to empowering our
customers to make this a reality.
Founded in 2019 in Berlin by Alexander Emeshev and Artem Iamanov, Vivid has quickly grown into one of Germany's top financial
platforms for SMEs and private accounts. Since then, we've expanded rapidly across Europe, earning the trust of over 500,000
customers — and with over €200 million raised and a valuation of €775 million, we're just getting started.
We're building Vivid as an AI-native organization — across every function, from product to compliance to operations. Automation
handles a growing share of day-to-day execution. For us, this means our teams can focus on architecture, strategy, and high-impact
decision-making. This changes how we work: less manual execution, more ownership in building systems that scale. We want to help
define what AI-native looks like in a regulated financial environment — and we're looking for people who want to build that future
with us.
ABOUT THE ROLE We are looking for a hands-on DevSecOps Engineer to strengthen and scale security initiatives in our fully cloud-native AWS environment. You will help evolve our DevSecOps practices, improve cloud and Kubernetes security, vulnerability management, and perform security reviews across infrastructure and applications. You will work closely with security and engineering teams, making hands-on improvements while contributing to long-term security direction. We value practical, scalable solutions and smart automation, and we expect ownership and a proactive mindset. As we actively adopt AI, use LLMs extensively, and build internal AI agents, security must scale alongside innovation and regulatory requirements – making AI-aware security a key part of this role. YOUR MISSION Cloud & Platform Security * Continuously improve the security of our AWS and Kubernetes platforms. * Strengthen IAM, RBAC, encryption, secrets management, and network controls through secure-by-default policy-as-code. * Manage edge security, including traffic filtering, WAF configuration, and external exposure management. * Perform security reviews of new services, architectural changes, and platform components. Application & AI Security * Embed automated security controls into SDLC and CI/CD (SAST, dependency and container scanning, policy enforcement). * Lead vulnerability management processes, including detection, assessment, prioritization, and reporting. * Integrate automation and AI-assisted tooling to enhance security reviews and reduce manual effort. * Define and implement security controls for AI infrastructure components, including gateways, MCP servers, and model proxies. * Identify and mitigate AI-specific risks such as prompt injection, data leakage, and agent privilege escalation. YOUR PROFILE * 5+ years of hands-on experience in DevSecOps, Cloud Security, or related fields. * Strong hands-on experience operating AWS and Kubernetes in production environments. * Experience implementing security in Infrastructure as Code and CI/CD workflows. * Solid understanding of cloud security fundamentals such as access control, secrets management, network security, and encryption. * Familiarity with container security and common application security risks. * Deep understanding of AI/LLM security risks, including prompt injection, data leakage, model abuse, and agent privilege escalation; hands-on experience securing AI infrastructure components such as LLM gateways, MCP servers, or agent-based workflows. * Comfortable with scripting and working in Git-based development environments. * Good communication skills and ability to work effectively with engineering and product teams. * Comfortable communicating clearly in English, both written and spoken. Nice to Have * Experience scaling security practices in fast-growing or regulated environments. * Experience building internal security tooling or automation from scratch. WHY JOIN VIVID? * We have a hybrid model in our Limassol office, or fully remote outside office locations. * We support relocation to Cyprus (visa, package) when needed. * Competitive senior-level compensation, reflecting the seniority and impact of the role (depending on location). * Learning & development budget to support your professional growth. * Fully paid vacation and sick leave. * Sports compensation. * Real growth prospects, significant responsibility, and the ability to make an immediate impact from day one. Enhance your expertise and shape the future of FinTech. Join Vivid's talented team and help us revolutionize how businesses think about their finances! COMPENSATION RANGE Final compensation is determined individually, based on your experience, skills and the scope of the role, assessed against objective, gender-neutral criteria. ABOUT VIVID At Vivid, we're on a mission to change how businesses and individuals manage their money across Europe. For businesses, we build tools that actually make a difference: multi-IBAN accounts, high-yield savings, business cashback, team cards, and accounting integrations that save real time — all in one place. And for individuals, we offer a simple way to manage and grow your wealth: access to global stocks, ETFs and 150+ cryptocurrencies, cashback, and personalised financial insights. Our mission? Your success. Everyone deserves the chance to see their finances flourish, and we're dedicated to empowering our customers to make this a reality. Founded in 2019 in Berlin by Alexander Emeshev and Artem Iamanov, Vivid has quickly grown into one of Germany's top financial platforms for SMEs and private accounts. Since then, we've expanded rapidly across Europe, earning the trust of over 500,000 customers — and with over €200 million raised and a valuation of €775 million, we're just getting started. We're building Vivid as an AI-native organization — across every function, from product to compliance to operations. Automation handles a growing share of day-to-day execution. For us, this means our teams can focus on architecture, strategy, and high-impact decision-making. This changes how we work: less manual execution, more ownership in building systems that scale. We want to help define what AI-native looks like in a regulated financial environment — and we're looking for people who want to build that future with us.
SENIOR SECURITY ENGINEER Remote ABOUT BRAVE Brave is on a mission to protect the human right to privacy online. We’ve built a free web browser that blocks creepy third-party ads and trackers by default, a private search engine with a truly independent index, a browser-native crypto wallet, and a private ad network (opt-in!) that directly rewards you for your attention. And we’re just getting started. Already 110+ million people have switched to Brave for a faster, more private web. Millions more switch every month. The internet is a sea of privacy-harmful ads, hackers, and echo chambers. Big Tech makes huge profits off our data, and tells us what’s true and what’s not. Brave is fighting back. Join us! SUMMARY We are hiring a staff engineer on the Brave security and privacy team! You will help keep our users safe across Brave’s products, including Brave browser and Brave Search. Responsibilities include: 1. Security reviews of Brave products 2. Triaging and fixing security reports 3. Designing and implementing security-relevant code 4. Penetration tests of Brave products and infrastructure Brave is widely-recognized as one of the best browsers for security and privacy, doing industry-leading work with a team that’s a fraction of the size of Big Tech-supported browsers. REQUIRED QUALIFICATIONS * At least 5 years experience (or equivalent) in security engineering * Experience in penetration testing and/or security auditing * Proficiency in C++, both implementing and reviewing * Strong familiarity with the Web security model * Experience securing AWS infrastructure * Very comfortable working and communicating async with a geographically-distributed software development team * Be comfortable diving into an extremely large, unfamiliar and complex codebase * Be comfortable with Git and collaborating on GitHub PREFERRED QUALIFICATIONS * Experience contributing to large open source codebases and/or participating in open source communities * Proficiency in Web technologies (HTML, CSS, JavaScript) * Proficiency in Go and Rust * DevOps experience * Contributions to other Web browsers * Familiarity with Chromium's architecture, especially security * Ability to write clear technical documentation and less technical writing for blog posts or public communication. * Be excited about privacy, anonymity, and censorship resistance!
WHAT’S IN IT FOR YOU? Ready to make a serious impact? Millions of people already rely on Calendly, and we’re still in the midst of exciting product growth — it’s a fantastic time to join us. Everything you’ll work on here will accelerate your career to the next level. If you want to learn, grow, and do the best work of your life alongside the best people you’ve ever worked with, then we hope you’ll consider allowing Calendly to be a part of your professional journey. About the team & opportunity Our Compliance and Risk team is a strategic partner that enables the business to grow securely and responsibly. We work across Engineering, Security, Product, Legal, HR, and Business Operations to build scalable compliance and risk programs that support innovation while maintaining customer trust. As a Senior Compliance and Risk Analyst, you will own and mature our compliance program, ensuring the organization maintains certifications such as SOC 2 and ISO 27001 while building scalable, automated processes that support a rapidly growing SaaS business. This is a high-impact role for someone who enjoys both strategy and execution. You'll design and operationalize controls, strengthen our common controls framework, optimize compliance automation, and embed compliance into business processes and product development. Beyond maintaining audit readiness, you'll help shape how compliance evolves as the organization grows, driving continuous improvement and fostering a proactive culture of risk management. A day in the life of a Senior Compliance and Risk Analyst * Own and manage the organization's compliance program, including SOC 2 and ISO 27001 readiness, certification, and ongoing maintenance. * Develop and execute a compliance roadmap aligned with business objectives, regulatory requirements, and organizational risk appetite. * Lead internal and external audits by coordinating evidence collection, managing auditor relationships, and driving timely remediation of findings. * Monitor changes in regulatory and industry frameworks, assessing their impact on the organization's compliance program. * Own the enterprise risk management process, including risk identification, assessment, treatment planning, and ongoing monitoring. * Conduct periodic risk assessments and partner with stakeholders to identify control gaps and prioritize remediation activities. * Develop and present compliance metrics, risk dashboards, and executive reports for senior leadership. * Design, document, and improve internal controls aligned with SOC 2, ISO 27001, and other applicable frameworks. * Lead control testing, including evidence collection, effectiveness validation, remediation tracking, and continuous improvement. * Expand and mature the organization's common controls framework to support evolving compliance requirements. * Administer and optimize compliance automation platforms, improving workflow efficiency and reducing manual effort. * Perform User Access Reviews (UARs) and support continuous compliance monitoring through automation and reporting. * Partner with Engineering, Security, Product, Legal, HR, and Operations to integrate compliance into business processes and product development. * Develop training, playbooks, and self-service resources that empower teams to meet compliance requirements efficiently. * Manage multiple compliance initiatives simultaneously while ensuring projects remain on schedule and stakeholders stay informed. What do we need from you? * 5+ years of experience in compliance, risk management, audit, or Governance, Risk, and Compliance (GRC) roles within a technology or SaaS environment. * Experience owning or leading compliance programs supporting frameworks such as SOC 2 and ISO 27001. * Working knowledge of security and privacy frameworks including NIST, ISO 27001, GDPR, and HIPAA. * Experience administering compliance automation platforms such as Drata, Vanta, Tugboat Logic, or similar solutions. * Experience performing User Access Reviews (UARs) using GRC or compliance automation platforms. * Strong understanding of internal controls, risk assessment methodologies, and audit processes. * Demonstrated ability to manage multiple initiatives and deliver results in a fast-paced environment. * Excellent project management, analytical, and problem-solving skills. * Strong communication skills with the ability to translate technical and regulatory requirements into practical business solutions. * Proven ability to collaborate effectively with technical and non-technical stakeholders across the organization. Preferred Qualifications * Experience leveraging AI to improve compliance processes or automate workflows. * Experience scaling compliance programs within a high-growth SaaS organization. * Hands-on experience developing or expanding a common controls framework. * Advanced expertise configuring compliance automation platforms, including integrations, custom controls, and reporting. * Familiarity with additional compliance frameworks such as PCI DSS, FedRAMP, or other industry standards. * Experience developing compliance training, awareness programs, or self-service enablement resources. * Professional certifications such as CISA, CRISC, CISSP, CCSK, or equivalent. Tier 1 Salary Hiring Range $198,238—$233,221 USD Tier 2 Salary Hiring Range $181,718—$213,786 USD Tier 3 Salary Hiring Range $165,198—$194,351 USD The ranges listed above are the expected annual base salary for this role, subject to change. Calendly takes a number of factors into consideration when determining an employee’s starting salary, including relevant experience, relevant skills sets, interview performance, location/metropolitan area, and internal pay equity. Base salary is just one component of Calendly’s total rewards package. All full-time (30 hours/week) employees are also eligible for our Top Performer Bonus program (or Sales incentive), equity awards, and competitive benefits. Calendly uses the zip code of an employee’s remote work location, or the onsite building location if hybrid, to determine which metropolitan pay range we use. Current geographic zones are as follows: * Tier 1: San Francisco, CA, San Jose, CA, New York City, NY * Tier 2: Chicago, IL, Austin, TX, Denver, CO, Boston, MA, Washington D.C., Philadelphia, PA, Portland, OR, Seattle, WA, Miami, FL, and all other cities in CA. * Tier 3: All other locations not in Tier 1 or Tier 2 If you are an individual with a disability and would like to request a reasonable accommodation as part of the application or recruiting process, please let your Recruiter know when first connecting with them. Calendly is registered as an employer in many, but not all, states. If you are located in Alaska, Delaware, Hawaii, Idaho, Iowa, Montana, Nebraska, North Dakota, Rhode Island, South Dakota, and West Virginia, you will not be eligible for employment. Note that all individual roles will specify location eligibility. All candidates can find our Candidate Privacy Statement here Candidates residing in California may visit our Notice at Collection for California Candidates here: Notice at Collection This role may require occasional travel for company events, team collaboration, or offsites.