Senior Security Engineer (Hybrid or Remote)

Remote, Almaty, Barcelona, Limassol, Serbia
Full-time
Permanent employee

About The Role

We are looking for a Senior Security Engineer to lead security governance, compliance, and assurance work in our fully cloud-native AWS environment. You will work as part of our security team, owning a broad scope: running security reviews and approvals for new initiatives, leading access reviews, designing our vulnerability and incident response frameworks, driving PCI DSS, DORA, and CSSF audits, and managing external penetration testing programs.

We are an EMI-licensed fintech, use AI heavily, and we are growing fast. We need someone who can keep our security in good shape for regulators and auditors, explain it clearly to leadership, and ship practical solutions instead of paperwork.

Your Mission

Security Reviews & Access Governance
  • Review new products, features, architectural changes, vendors, and AI systems early in design – give a clear verdict on what's safe to ship, what must be fixed first, and what we accept.
  • Own access recertification end-to-end (scope, automation, evidence, audit readiness) and make sure joiner/mover/leaver, privileged access, and SoD controls actually work across AWS, Kubernetes, SaaS, and internal tools.
Vulnerability Management, Incident Response & Pentesting
  • Run the remediation process end-to-end: severity model, SLAs, exceptions, ownership routing, escalation, and leadership reporting. Turn output from SAST, SCA, container, cloud, and AI scanners into prioritized work with readable dashboards.
  • Design the IR and containment framework (escalation paths, isolation triggers, decision authority, documentation) and define logging standards – what's captured, retention, protection, reporting – so the security team and auditors can rely on it.
  • Plan and run external testing across apps, AWS, Kubernetes, and AI systems: pentests, TLPT (DORA), ASV scans (PCI DSS), and bug bounty. Drive findings to closure and feed recurring issues back into preventive controls.
Compliance & Audit (PCI DSS, DORA, CSSF)
  • Lead security workstreams across audits: scoping, evidence, walkthroughs, findings response, and remediation tracking.
  • Maintain a living mapping of regulatory requirements to internal controls and evidence, and support Legal, Risk, and Compliance on ICT and third-party oversight – they own risk, you bring security context.

Your Profile

  • 5+ years in security engineering or GRC, with time in a regulated environment.
  • Track record of running security reviews on real initiatives and explaining security clearly to engineers, execs, and auditors.
  • Experience designing and running security programs end-to-end – vulnerability management, access governance, or external testing (pentests, TLPT, ASV scans, bug bounty) – and driving findings to closure.
  • Hands-on support for at least two of PCI DSS, DORA, CSSF, ISO 27001, or SOC 2, including direct work with external auditors.
  • Working knowledge of AWS and Kubernetes – enough to read IaC, validate findings, and push back on weak fixes.
  • Comfortable scripting and automating to cut manual GRC work. Strong written and spoken English.
Nice to Have
  • Experience building security automation or internal tooling that reduces manual effort – for vulnerability management, access reviews, or incident response.
  • Experience in a fintech, payments, or EMI-licensed company.

Why Join Vivid?

  • We have a hybrid model in our Limassol office, or fully remote outside office locations. 
  • We support relocation to Cyprus (visa, package) when needed.
  • Competitive senior-level compensation, reflecting the seniority and impact of the role (depending on location). 
  • Learning & development budget to support your professional growth. 
  • Fully paid vacation and sick leave. 
  • Sports compensation. 
  • Real growth prospects, significant responsibility, and the ability to make an immediate impact from day one. 
Enhance your expertise and shape the future of FinTech. Join Vivid's talented team and help us revolutionize how businesses think about their finances!

About Vivid

At Vivid, we're on a mission to change how businesses and individuals manage their money across Europe. For businesses, we build tools that actually make a difference: multi-IBAN accounts, high-yield savings, business cashback, team cards, and accounting integrations that save real time — all in one place. And for individuals, we offer a simple way to manage and grow your wealth: access to global stocks, ETFs and 150+ cryptocurrencies, cashback, and personalised financial insights.

Our mission? Your success. Everyone deserves the chance to see their finances flourish, and we're dedicated to empowering our customers to make this a reality.

Founded in 2019 in Berlin by Alexander Emeshev and Artem Iamanov, Vivid has quickly grown into one of Germany's top financial platforms for SMEs and private accounts. Since then, we've expanded rapidly across Europe, earning the trust of over 500,000 customers — and with over €200 million raised and a valuation of €775 million, we're just getting started. 

We're building Vivid as an AI-native organization — across every function, from product to compliance to operations. Automation handles a growing share of day-to-day execution. For us, this means our teams can focus on architecture, strategy, and high-impact decision-making. This changes how we work: less manual execution, more ownership in building systems that scale. We want to help define what AI-native looks like in a regulated financial environment — and we're looking for people who want to build that future with us.