Search...

Senior DevSecOps Engineer

Vivid logo
Vivid

Vivid offers an all-in-one financial platform for both businesses and individuals, combining banking services with investment opportunities. It provides business accounts with features like high-interest rates, cashback, invoicing, and payment solutions, targeting freelancers, startups, and companies. It also offers personal accounts with options to invest in stocks, ETFs, and crypto.

Luxembourg, LUX
About Vivid

Vivid offers a range of financial services for both personal and business use. For businesses, it provides accounts, interest accounts, international transfers, cards, cashback, payment solutions, invoicing, bookkeeping, integrations, and business travel services. It also features a Crypto Earn account. For personal users, Vivid offers accounts, payments, cards, investment options in stocks, ETFs, and crypto, as well as rewards, interest rates, and various pricing plans like Prime. The company operates through several entities: Vivid Money S.A. in Luxembourg, authorized as an electronic money institution; Vivid Money B.V. in the Netherlands, licensed as an Investment Firm and Crypto Asset Service Provider; Vivid Digital S.r.l. in Italy, a registered Virtual Asset Service Provider; and Vivid Money GmbH in Germany. These entities provide specific services like payment services, investment and crypto services, and digital asset services to customers in various jurisdictions.

View jobs by Vivid

Skills

About the Role

You'll join Vivid's security and engineering teams to strengthen and scale security practices across a fully cloud-native AWS environment. You will make hands-on improvements to cloud and Kubernetes security, vulnerability management, and perform security reviews across infrastructure and applications, while also contributing to long-term security direction. As Vivid actively adopts AI, uses LLMs extensively, and builds internal AI agents, you will play a key role in making sure security scales alongside innovation and regulatory requirements.

Requirements

  • 5+ years of hands-on experience in DevSecOps, Cloud Security, or related fields
  • Strong hands-on experience operating AWS and Kubernetes in production environments
  • Experience implementing security in Infrastructure as Code and CI/CD workflows
  • Solid understanding of cloud security fundamentals such as access control, secrets management, network security, and encryption
  • Familiarity with container security and common application security risks
  • Deep understanding of AI/LLM security risks, including prompt injection, data leakage, model abuse, and agent privilege escalation; hands-on experience securing AI infrastructure components such as LLM gateways, MCP servers, or agent-based workflows
  • Comfortable with scripting and working in Git-based development environments
  • Good communication skills and ability to work effectively with engineering and product teams
  • Comfortable communicating clearly in English, both written and spoken
  • Experience scaling security practices in fast-growing or regulated environments (nice to have)
  • Experience building internal security tooling or automation from scratch (nice to have)

Responsibilities

  • Continuously improve the security of AWS and Kubernetes platforms
  • Strengthen IAM, RBAC, encryption, secrets management, and network controls through secure-by-default policy-as-code
  • Manage edge security, including traffic filtering, WAF configuration, and external exposure management
  • Perform security reviews of new services, architectural changes, and platform components
  • Embed automated security controls into SDLC and CI/CD, including SAST, dependency and container scanning, and policy enforcement
  • Lead vulnerability management processes, including detection, assessment, prioritization, and reporting
  • Integrate automation and AI-assisted tooling to enhance security reviews and reduce manual effort
  • Define and implement security controls for AI infrastructure components, including gateways, MCP servers, and model proxies
  • Identify and mitigate AI-specific risks such as prompt injection, data leakage, and agent privilege escalation

Benefits

  • Hybrid model in Limassol office, or fully remote outside office locations
  • Relocation support to Cyprus (visa, package) when needed
  • Learning & development budget
  • Fully paid vacation and sick leave
  • Sports compensation