About Calo
Calo is an app providing personalized meal plans for busy people through nutritional algorithms, built with love by chefs, nutritionists, and software engineers.
Launched in Bahrain in 2019, we have since expanded to 7 countries, delivered millions of meals to our customers, and are now expanding our mission of making healthy easy to retail and other verticals.
We're on a noble mission to make healthy easy. We think this is one of the most important problems to tackle in our world today. We have global ambitions - no small thinking here.
Why This Role Matters
Security is foundational to how we scale responsibly. As our systems, products, and data grow, this role ensures we reduce real risk while enabling fast, confident delivery. You'll help set the security bar across infrastructure, applications, and compliance, building strong guardrails without slowing teams down.
This role sits within the Platform team and plays a critical role in protecting our customers, systems, and business.
Role Overview
We're looking for a Senior Security Engineer to own and elevate our security posture across cloud infrastructure, application security, and compliance.
This is a hands-on, execution-driven role. You'll design and implement controls, automate security checks, proactively identify risks, and work closely with engineering teams to ship fixes into production. You'll also help the company stay audit-ready by maintaining evidence and controls in tools like Drata.
What You'll Do
Own and drive the security roadmap by identifying high-risk areas, prioritizing work, and delivering measurable improvements.
Work closely with Platform, Product, Engineering, Data, and Leadership to embed security into everyday delivery.
Benchmark systems against relevant standards (e.g. OWASP Top 10 / ASVS, CIS where applicable) and translate findings into clear, actionable remediation plans.
Run threat modeling and security reviews for major architectural or product changes.
Proactively identify and remediate security issues across: application code and APIs; cloud infrastructure and configurations; and authentication, authorization, secrets, and data access.
Personally triage findings, write fixes, and work with teams to get changes merged and deployed safely to production.
Strengthen IAM, least privilege, secrets management, encryption, logging/monitoring, and secure networking practices.
Ensure production environments follow secure baseline practices (hardening, patching, access control, auditing).
Review and improve WAF rules, rate limiting, and abuse prevention in a practical, measurable way.
Build and maintain incident response playbooks, support investigations, and drive post-incident improvements.
Support security and privacy requirements relevant to the business (e.g. GDPR, PDPL).
Maintain control mapping and evidence in Drata (or similar tools) with a strong focus on automation.
What We're Looking For
6 years of experience in security engineering or a closely related role.
Proven experience leading security efforts in startups or high-growth environments.
Strong hands-on background: you can identify an issue, fix it, and ship it to production yourself.
Solid understanding of secure system design and common vulnerability classes (OWASP Top 10, auth/session security, API security, data protection).
Solid experience securing AWS environments: IAM, KMS/encryption, secrets management, logging/auditing, network controls.
Experience securing CI/CD pipelines, build systems, and runtime environments.
Experience with incident response, vulnerability management, and security monitoring.
Clear communicator who can explain risk trade-offs and recommendations in a way teams actually adopt.
Who You Are
Practical and execution-driven: you focus on reducing real risk, not writing security theatre.
Comfortable operating independently and setting priorities without heavy process.
Collaborative by default: you partner with engineers and enable them with secure defaults.
High-ownership mindset: you take problems from discovery all the way to production.
Experienced in startup environments and comfortable with ambiguity and speed.
Background outside of heavily regulated fintech environments (preferred).
The Hiring Journey
Screening meeting with TA
Case Study
Technical interview 1
Technical interview 2
Culture-fit interview
Offer stage
Ready to Join?
If this role excites you and you see yourself matching at least 85% of the criteria above, what are you waiting for? Yalla, let's gooo!