Calo

Compensation

Full Description

About Calo (more here) Calo is an app providing personalized meal plans for busy people through nutritional algorithms, built with love by chefs, nutritionists, and software engineers. Launched in Bahrain in 2019, we have since expanded to 7 countries, delivered millions of meals to our customers, and are now expanding our mission of making healthy easy to retail and other verticals. We're on a noble mission to make healthy easy. We think this is one of the most important problems to tackle in our world today. We have global ambitions - no small thinking here. Why This Role Matters Security is foundational to how we scale responsibly. As our systems, products, and data grow, this role ensures we reduce real risk while enabling fast, confident delivery. You’ll help set the security bar across infrastructure, applications, and compliance, building strong guardrails without slowing teams down. This role sits within the Platform team, and plays a critical role in protecting our customers, systems, and business. Role Overview We’re looking for a Senior Security Engineer to own and elevate our security posture across cloud infrastructure, application security, and compliance. This is a hands-on, execution-driven role. You’ll design and implement controls, automate security checks, proactively identify risks, and work closely with engineering teams to ship fixes into production. You’ll also help the company stay audit-ready by maintaining evidence and controls in tools like Drata. What You’ll Do Own and drive the security roadmap by identifying high-risk areas, prioritizing work, and delivering measurable improvements. Work closely with Platform, Product Engineering, Data, and Leadership to embed security into everyday delivery. Benchmark systems against relevant standards (e.g., OWASP Top 10 / ASVS, CIS where applicable) and translate findings into clear, actionable remediation plans. Run threat modeling and security reviews for major architectural or product changes. Proactively identify and remediate security issues across: Application code and APIs Cloud infrastructure and configurations Authentication, authorization, secrets, and data access Personally triage findings, write fixes, and work with teams to get changes merged and deployed safely to production. Strengthen IAM least privilege, secrets management, encryption, logging/monitoring, and secure networking practices. Ensure production environments follow secure baseline practices (hardening, patching, access control, auditing). Review and improve WAF rules, rate limiting, and abuse prevention in a practical, measurable way. Build and maintain incident response playbooks, support investigations, and drive post-incident improvements. Support security and privacy requirements relevant to the business (e.g., GDPR, PDPL). Maintain control mapping and evidence in Drata (or similar tools), with a strong focus on automation. What We’re Looking For 6+ years of experience in security engineering or a closely related role. Proven experience leading security efforts in startups or high-growth environments. Strong hands-on background, you can identify an issue, fix it, and ship it to production yourself. Solid understanding of secure system design and common vulnerability classes (OWASP Top 10, auth/session security, API security, data protection). Solid experience securing AWS environments: IAM, KMS/encryption, secrets management, logging/auditing, network controls. Experience securing CI/CD pipelines, build systems, and runtime environments. Experience with incident response, vulnerability management, and security monitoring. Clear communicator who can explain risk, trade-offs, and recommendations in a way teams actually adopt. Who You Are Practical and execution-driven, you focus on reducing real risk, not writing security theatre. Comfortable operating independently and setting priorities without heavy process. Collaborative by default, you partner with engineers and enable them with secure defaults. High-ownership mindset, you take problems from discovery all the way to production. Experienced in startup environments and comfortable with ambiguity and speed. Background outside of heavily regulated fintech environments (preferred). The Hiring Journey Screening meeting with TA Case Study Technical interview 1 Technical interview 2 Culture-fit interview Offer stage Ready to Join? If this role excites you, and you see yourself matching at least 85% of the criteria above, what are you waiting for? Yalla, let’s gooo! 🚀