Senior Security Engineer
We are looking for a Senior Security Engineer to lead security governance, compliance, and assurance work in our fully cloud-native AWS environment. You will work as part of our security team, owning a broad scope: running security reviews and approvals for new initiatives, leading access reviews, designing our vulnerability and incident response frameworks, driving PCI DSS, DORA, and CSSF audits, and managing external penetration testing programs.
We are an EMI-licensed fintech, use AI heavily, and we are growing fast. We need someone who can keep our security in good shape for regulators and auditors, explain it clearly to leadership, and ship practical solutions instead of paperwork.
Your Mission
Security Reviews & Access Governance
Review new products, features, architectural changes, vendors, and AI systems early in design – give a clear verdict on what's safe to ship, what must be fixed first, and what we accept.
Own access recertification end-to-end (scope, automation, evidence, audit readiness) and make sure joiner/mover/leaver, privileged access, and SoD controls actually work across AWS, Kubernetes, SaaS, and internal tools.
Vulnerability Management, Incident Response & Pentesting
Run the remediation process end-to-end: severity model, SLAs, exceptions, ownership routing, escalation, and leadership reporting. Turn output from SAST, SCA, container, cloud, and AI scanners into prioritized work with readable dashboards.
Design the IR and containment framework (escalation paths, isolation triggers, decision authority, documentation) and define logging standards – what's captured, retention, protection, reporting – so the security team and auditors can rely on it.
Plan and run external testing across apps, AWS, Kubernetes, and AI systems: pentests, TLPT (DORA), ASV scans (PCI DSS), and bug bounty. Drive findings to closure and feed recurring issues back into preventive controls.
Compliance & Audit (PCI DSS, DORA, CSSF)
Lead security workstreams across audits: scoping, evidence, walkthroughs, findings response, and remediation tracking.
Maintain a living mapping of regulatory requirements to internal controls and evidence, and support Legal, Risk, and Compliance on ICT and third-party oversight – they own risk, you bring security context.
Your Profile
5+ years in security engineering or GRC, with time in a regulated environment.
Track record of running security reviews on real initiatives and explaining security clearly to engineers, execs, and auditors.
Experience designing and running security programs end-to-end – vulnerability management, access governance, or external testing (pentests, TLPT, ASV scans, bug bounty) – and driving findings to closure.
Hands-on support for at least two of PCI DSS, DORA, CSSF, ISO 27001, or SOC 2, including direct work with external auditors.
Working knowledge of AWS and Kubernetes – enough to read IaC, validate findings, and push back on weak fixes.
Comfortable scripting and automating to cut manual GRC work. Strong written and spoken English.
Nice to Have
Experience building security automation or internal tooling that reduces manual effort – for vulnerability management, access reviews, or incident response.
Experience in a fintech, payments, or EMI-licensed company.
Why Join Vivid?
We offer a hybrid model in our Limassol office, or fully remote work outside office locations.
We support relocation to Cyprus (visa, package) when needed.
Competitive senior-level compensation, reflecting the seniority and impact of the role (depending on location).
Learning & development budget to support your professional growth.
Fully paid vacation and sick leave.
Sports compensation.
Real growth prospects, significant responsibility, and the ability to make an immediate impact from day one.
Published on: 5/12/2026

Vivid Money
Vivid Money is the first financial platform that combines all daily financial activities in one app.