
Calendly · Remote
WHAT’S IN IT FOR YOU? Ready to make a serious impact? Millions of people already rely on Calendly, and we’re still in the midst of exciting product growth — i...
Ready to make a serious impact? Millions of people already rely on Calendly, and we’re still in the midst of exciting product
growth — it’s a fantastic time to join us. Everything you’ll work on here will accelerate your career to the next level. If you
want to learn, grow, and do the best work of your life alongside the best people you’ve ever worked with, then we hope you’ll
consider allowing Calendly to be a part of your professional journey.
About the team & opportunity
Our Compliance and Risk team is a strategic partner that enables the business to grow securely and responsibly. We work across
Engineering, Security, Product, Legal, HR, and Business Operations to build scalable compliance and risk programs that support
innovation while maintaining customer trust.
As a Senior Compliance and Risk Analyst, you will own and mature our compliance program, ensuring the organization maintains
certifications such as SOC 2 and ISO 27001 while building scalable, automated processes that support a rapidly growing SaaS
business.
This is a high-impact role for someone who enjoys both strategy and execution. You'll design and operationalize controls,
strengthen our common controls framework, optimize compliance automation, and embed compliance into business processes and product
development. Beyond maintaining audit readiness, you'll help shape how compliance evolves as the organization grows, driving
continuous improvement and fostering a proactive culture of risk management.
A day in the life of a Senior Compliance and Risk Analyst
maintenance.
appetite.
remediation of findings.
monitoring.
improvement.
product development.
informed.
What do we need from you?
technology or SaaS environment.
solutions.
Preferred Qualifications
Tier 1 Salary Hiring Range
Tier 2 Salary Hiring Range
Tier 3 Salary Hiring Range
The ranges listed above are the expected annual base salary for this role, subject to change.
Calendly takes a number of factors into consideration when determining an employee’s starting salary, including relevant
experience, relevant skills sets, interview performance, location/metropolitan area, and internal pay equity.
Base salary is just one component of Calendly’s total rewards package. All full-time (30 hours/week) employees are also eligible
for our Top Performer Bonus program (or Sales incentive), equity awards, and competitive benefits.
Calendly uses the zip code of an employee’s remote work location, or the onsite building location if hybrid, to determine which
metropolitan pay range we use. Current geographic zones are as follows:
FL, and all other cities in CA.
If you are an individual with a disability and would like to request a reasonable accommodation as part of the application or
recruiting process, please let your Recruiter know when first connecting with them. Calendly is registered as an employer in many,
but not all, states. If you are located in Alaska, Delaware, Hawaii, Idaho, Iowa, Montana, Nebraska, North Dakota, Rhode Island,
South Dakota, and West Virginia, you will not be eligible for employment. Note that all individual roles will specify location
eligibility.
All candidates can find our Candidate Privacy Statement here
Candidates residing in California may visit our Notice at Collection for California Candidates here: Notice at Collection
This role may require occasional travel for company events, team collaboration, or offsites.
ABOUT THE ROLE We’re looking for a Security Engineer to own and improve the security of our internal environment — the identities, SaaS apps, endpoints, AI tooling, and networks our employees use every day. This is a hands-on senior role: we expect you to design controls, find the gaps, and drive the changes that close them — and to build the automation that makes it scale. We’re an EMI-licensed fintech in a fully cloud-native AWS environment, we use AI heavily, and we’re growing fast. We need someone who can lead technical initiatives independently, influence our security architecture, challenge approaches that no longer fit, and explain it clearly to engineers and leadership. YOUR MISSION Detection & Response (SIEM) — our top priority * Own SIEM alerting end-to-end: ship logs from endpoints, IdP, VPN, SaaS, and cloud; write and tune detection rules; cut false positives. * Act as first responder for security incidents — investigate, contain, drive to closure with clear runbooks — and feed recurring issues back into preventive controls. Identity, Access & SaaS * Administer the IdP (SSO via SAML/OIDC, MFA, conditional access) and run access recertification end-to-end across IdP, SaaS, AWS, and internal tools — scope, evidence, follow-through on revocations. * Hunt down over-permissive and stale access, enforce least privilege and PAM, catch SoD gaps, and make JML and third-party access work in practice. * Improve SaaS security posture (Google/Microsoft, Slack, GitHub, others) and apply DLP controls to limit data leakage. Endpoint, Email & Phishing Defense * Keep the endpoint stack healthy and well-tuned — MDM, XDR/AV, device-compliance checks for VPN/ZTNA — and define posture requirements (disk encryption, EDR present, OS version) with automated remediation. * Defend against phishing and spoofing — secure email gateway rules, DMARC/SPF/DKIM — and run phishing simulations and security awareness, acting on the results. Automation & Ownership * Build internal tooling and automate repetitive operations — reduce manual work, don't just operate it. * Own the roadmap for your areas: identify gaps, lead initiatives independently, and raise the bar rather than just maintain it. YOUR PROFILE * 5+ years in security operations, corporate/IT security, or endpoint engineering. * Strong with a SIEM (Splunk, Elastic, Panther, Sumo Logic) — detection engineering and incident response — plus an identity provider (Okta, Entra ID, Google Workspace), access recertification, and least-privilege / PAM. * Working knowledge of endpoint security (MDM, XDR/EDR/AV) and email / phishing defense. * Practical experience securing how a company uses AI internally: shadow AI discovery, DLP for AI tools, controls for AI assistants and agents, and a working risk framework for adopting new ones. You've done this for real, not from a vendor pitch deck. * Strong scripting and automation skills — you build tooling against APIs, not just configure consoles. * Track record of driving improvements end-to-end and leading initiatives with little oversight. * Сlear written and spoken English for engineers and leadership. WHY JOIN VIVID? * We have a hybrid model in our Limassol office, or fully remote outside office locations. * We support relocation to Cyprus (visa, package) when needed. * Learning & development budget to support your professional growth. * Fully paid vacation and sick leave. * Sports compensation. * Real growth prospects, significant responsibility, and the ability to make an immediate impact from day one. Enhance your expertise and shape the future of FinTech. Join Vivid's talented team and help us revolutionize how businesses think about their finances! COMPENSATION RANGE Final compensation is determined individually, based on your experience, skills and the scope of the role, assessed against objective, gender-neutral criteria. ABOUT VIVID At Vivid, we're on a mission to change how businesses and individuals manage their money across Europe. For businesses, we build tools that actually make a difference: multi-IBAN accounts, high-yield savings, business cashback, team cards, and accounting integrations that save real time — all in one place. And for individuals, we offer a simple way to manage and grow your wealth: access to global stocks, ETFs and 150+ cryptocurrencies, cashback, and personalised financial insights. Our mission? Your success. Everyone deserves the chance to see their finances flourish, and we're dedicated to empowering our customers to make this a reality. Founded in 2019 in Berlin by Alexander Emeshev and Artem Iamanov, Vivid has quickly grown into one of Germany's top financial platforms for SMEs and private accounts. Since then, we've expanded rapidly across Europe, earning the trust of over 500,000 customers — and with over €200 million raised and a valuation of €775 million, we're just getting started. We're building Vivid as an AI-native organization — across every function, from product to compliance to operations. Automation handles a growing share of day-to-day execution. For us, this means our teams can focus on architecture, strategy, and high-impact decision-making. This changes how we work: less manual execution, more ownership in building systems that scale. We want to help define what AI-native looks like in a regulated financial environment — and we're looking for people who want to build that future with us.
ABOUT THE ROLE We are looking for a hands-on DevSecOps Engineer to strengthen and scale security initiatives in our fully cloud-native AWS environment. You will help evolve our DevSecOps practices, improve cloud and Kubernetes security, vulnerability management, and perform security reviews across infrastructure and applications. You will work closely with security and engineering teams, making hands-on improvements while contributing to long-term security direction. We value practical, scalable solutions and smart automation, and we expect ownership and a proactive mindset. As we actively adopt AI, use LLMs extensively, and build internal AI agents, security must scale alongside innovation and regulatory requirements – making AI-aware security a key part of this role. YOUR MISSION Cloud & Platform Security * Continuously improve the security of our AWS and Kubernetes platforms. * Strengthen IAM, RBAC, encryption, secrets management, and network controls through secure-by-default policy-as-code. * Manage edge security, including traffic filtering, WAF configuration, and external exposure management. * Perform security reviews of new services, architectural changes, and platform components. Application & AI Security * Embed automated security controls into SDLC and CI/CD (SAST, dependency and container scanning, policy enforcement). * Lead vulnerability management processes, including detection, assessment, prioritization, and reporting. * Integrate automation and AI-assisted tooling to enhance security reviews and reduce manual effort. * Define and implement security controls for AI infrastructure components, including gateways, MCP servers, and model proxies. * Identify and mitigate AI-specific risks such as prompt injection, data leakage, and agent privilege escalation. YOUR PROFILE * 5+ years of hands-on experience in DevSecOps, Cloud Security, or related fields. * Strong hands-on experience operating AWS and Kubernetes in production environments. * Experience implementing security in Infrastructure as Code and CI/CD workflows. * Solid understanding of cloud security fundamentals such as access control, secrets management, network security, and encryption. * Familiarity with container security and common application security risks. * Deep understanding of AI/LLM security risks, including prompt injection, data leakage, model abuse, and agent privilege escalation; hands-on experience securing AI infrastructure components such as LLM gateways, MCP servers, or agent-based workflows. * Comfortable with scripting and working in Git-based development environments. * Good communication skills and ability to work effectively with engineering and product teams. * Comfortable communicating clearly in English, both written and spoken. Nice to Have * Experience scaling security practices in fast-growing or regulated environments. * Experience building internal security tooling or automation from scratch. WHY JOIN VIVID? * We have a hybrid model in our Limassol office, or fully remote outside office locations. * We support relocation to Cyprus (visa, package) when needed. * Competitive senior-level compensation, reflecting the seniority and impact of the role (depending on location). * Learning & development budget to support your professional growth. * Fully paid vacation and sick leave. * Sports compensation. * Real growth prospects, significant responsibility, and the ability to make an immediate impact from day one. Enhance your expertise and shape the future of FinTech. Join Vivid's talented team and help us revolutionize how businesses think about their finances! COMPENSATION RANGE Final compensation is determined individually, based on your experience, skills and the scope of the role, assessed against objective, gender-neutral criteria. ABOUT VIVID At Vivid, we're on a mission to change how businesses and individuals manage their money across Europe. For businesses, we build tools that actually make a difference: multi-IBAN accounts, high-yield savings, business cashback, team cards, and accounting integrations that save real time — all in one place. And for individuals, we offer a simple way to manage and grow your wealth: access to global stocks, ETFs and 150+ cryptocurrencies, cashback, and personalised financial insights. Our mission? Your success. Everyone deserves the chance to see their finances flourish, and we're dedicated to empowering our customers to make this a reality. Founded in 2019 in Berlin by Alexander Emeshev and Artem Iamanov, Vivid has quickly grown into one of Germany's top financial platforms for SMEs and private accounts. Since then, we've expanded rapidly across Europe, earning the trust of over 500,000 customers — and with over €200 million raised and a valuation of €775 million, we're just getting started. We're building Vivid as an AI-native organization — across every function, from product to compliance to operations. Automation handles a growing share of day-to-day execution. For us, this means our teams can focus on architecture, strategy, and high-impact decision-making. This changes how we work: less manual execution, more ownership in building systems that scale. We want to help define what AI-native looks like in a regulated financial environment — and we're looking for people who want to build that future with us.
SENIOR SECURITY ENGINEER Remote ABOUT BRAVE Brave is on a mission to protect the human right to privacy online. We’ve built a free web browser that blocks creepy third-party ads and trackers by default, a private search engine with a truly independent index, a browser-native crypto wallet, and a private ad network (opt-in!) that directly rewards you for your attention. And we’re just getting started. Already 110+ million people have switched to Brave for a faster, more private web. Millions more switch every month. The internet is a sea of privacy-harmful ads, hackers, and echo chambers. Big Tech makes huge profits off our data, and tells us what’s true and what’s not. Brave is fighting back. Join us! SUMMARY We are hiring a staff engineer on the Brave security and privacy team! You will help keep our users safe across Brave’s products, including Brave browser and Brave Search. Responsibilities include: 1. Security reviews of Brave products 2. Triaging and fixing security reports 3. Designing and implementing security-relevant code 4. Penetration tests of Brave products and infrastructure Brave is widely-recognized as one of the best browsers for security and privacy, doing industry-leading work with a team that’s a fraction of the size of Big Tech-supported browsers. REQUIRED QUALIFICATIONS * At least 5 years experience (or equivalent) in security engineering * Experience in penetration testing and/or security auditing * Proficiency in C++, both implementing and reviewing * Strong familiarity with the Web security model * Experience securing AWS infrastructure * Very comfortable working and communicating async with a geographically-distributed software development team * Be comfortable diving into an extremely large, unfamiliar and complex codebase * Be comfortable with Git and collaborating on GitHub PREFERRED QUALIFICATIONS * Experience contributing to large open source codebases and/or participating in open source communities * Proficiency in Web technologies (HTML, CSS, JavaScript) * Proficiency in Go and Rust * DevOps experience * Contributions to other Web browsers * Familiarity with Chromium's architecture, especially security * Ability to write clear technical documentation and less technical writing for blog posts or public communication. * Be excited about privacy, anonymity, and censorship resistance!