Join the Future of Brand Protection
Help us build the platform that brands trust to protect their intellectual property in the digital economy. We’re looking for passionate people who want to make an impact.
We take care of our team
Competitive compensation and a benefits package designed for the modern workforce.
Remote-First
Work from anywhere in the world. We believe great talent is everywhere — not just in one office.
Health & Wellness
Comprehensive health, dental, and vision coverage for you and your dependents. Plus a wellness stipend.
Learning & Growth
Annual learning budget for courses, conferences, and certifications. We invest in your professional development.
Equity
Meaningful equity ownership so you share in the success of the company you help build.
Generous PTO
Flexible time off with a minimum of 25 days per year, plus public holidays and parental leave.
Team Events
Annual company retreats, virtual team events, and co-working meetups to stay connected.
How we work together
Our culture is built on four core principles that guide how we collaborate, innovate, and deliver results.
Ownership
We take accountability for our work and empower every team member to make decisions.
Curiosity
We ask questions, experiment boldly, and learn continuously to stay at the forefront.
Impact
We prioritize work that moves the needle for our customers and the company.
Collaboration
We build together across disciplines, time zones, and perspectives.
Current opportunities
We’re growing our team across engineering, security, and compliance. Find the role where you can make the biggest impact.
What you’ll do
- Design, build, and ship full-stack features across the Cyrolo web app, admin panel, and API service within our Turborepo monorepo
- Develop and optimize React Server Components and Client Components in Next.js 14 with App Router, delivering fast, accessible interfaces for brand owners and compliance teams
- Model, migrate, and query data in PostgreSQL via Prisma, maintaining a schema that currently spans 95+ models covering brand protection, compliance scanning, document signing, and more
- Build and maintain BullMQ worker jobs that power marketplace scanning, removal verification, credential minting, and scheduled compliance audits
- Integrate third-party services — Stripe billing, Resend email, Cloudflare R2 storage, EUIPO trademark API — ensuring reliability and graceful error handling
- Collaborate with product and design to translate requirements into performant, maintainable code with strong TypeScript types across all shared packages
- Participate in code reviews, architectural decisions, and on-call rotation for production incidents
What we’re looking for
- 5+ years of professional experience building production web applications with TypeScript and React
- Deep expertise with Next.js (App Router, Server Actions, middleware, ISR/SSR strategies)
- Strong relational database skills — schema design, query optimization, migrations — ideally with Prisma and PostgreSQL
- Experience with background job systems (BullMQ, Sidekiq, Celery, or similar) and Redis
- Track record of shipping in monorepo architectures (Turborepo, Nx, or Lerna)
- Comfortable working across the full stack: REST APIs, webhooks, auth flows, and modern CSS (Tailwind)
- Excellent written communication — we are remote-first and documentation-driven
Nice to have
- Experience with Fastify or Express for standalone API services
- Familiarity with Stripe Connect, subscription billing, or usage-based pricing models
- Prior work in brand protection, IP enforcement, or legal-tech SaaS
- Knowledge of Cloudflare Workers, R2, or edge-computing patterns
What you’ll do
- Design and iterate on prompt chains that power infringement-report analysis, security-finding triage, GDPR/CCPA/CNIL/LGPD compliance report generation, and trademark class recommendation
- Build evaluation harnesses and golden-set benchmarks to measure accuracy, latency, and cost across model versions (Claude Opus, Sonnet; GPT-4o) and prompt revisions
- Architect a model-routing layer that selects the right model and context window for each task, balancing quality and spend
- Develop structured-output parsers to extract typed signals, risk scores, and actionable findings from LLM responses and feed them into downstream workflows
- Collaborate with the security team to integrate AI-driven hypothesis generation into the 364-module pentest engine, improving detection rates for novel vulnerability classes
- Explore fine-tuning and retrieval-augmented generation (RAG) approaches to improve domain-specific accuracy for IP law, trademark classification, and compliance standards
- Monitor production AI pipelines for regressions, hallucinations, and edge-case failures; build alerting and automatic fallback mechanisms
What we’re looking for
- 3+ years of hands-on experience building production AI/ML systems — not just notebooks
- Deep expertise in prompt engineering, chain-of-thought reasoning, and structured output techniques for LLMs (Claude, GPT-4, or comparable)
- Strong TypeScript or Python skills with experience integrating LLM provider APIs (Anthropic SDK, OpenAI SDK)
- Experience designing evaluation frameworks: golden sets, A/B testing, automated scoring
- Solid understanding of transformer architectures, tokenization, context-window management, and cost modeling
- Familiarity with RAG patterns, vector databases (Pinecone, Weaviate, pgvector), and embedding models
- Ability to communicate technical trade-offs clearly to non-ML stakeholders
Nice to have
- Experience with compliance or legal-tech AI applications (GDPR analysis, contract review, IP classification)
- Background in cybersecurity or familiarity with CVE databases, OWASP categories, and security testing frameworks
- Prior work with model fine-tuning (LoRA, QLoRA) or distillation for domain-specific tasks
- Contributions to open-source AI/ML tooling or published research in NLP
What you’ll do
- Architect and maintain the Chia integration layer: credential minting (CAT/NFT), Data Layer store publication, and DID issuance using Chia RPC and WalletConnect
- Build robust transaction lifecycle management — submission, confirmation tracking, retry logic, and fee estimation — handling simulator, testnet, and mainnet environments
- Design and implement the WalletConnect-based browser signing flow that lets brand owners sign authority grants and verification challenges from their Chia wallets
- Develop the public verification system that resolves on-chain credentials, validates signatures, and renders human-readable trust records at /verify/* endpoints
- Create Data Layer schemas and publication workflows that anchor brand-verification cases, authority grants, and signed documents to the Chia Data Layer
- Work with security and compliance teams to define key-management policies, DID rotation procedures, and audit trails for all blockchain operations
- Write comprehensive integration tests against the Chia simulator and testnet; maintain a CI pipeline that validates on-chain behavior before mainnet deployment
What we’re looking for
- 3+ years of blockchain development experience — smart contracts, transaction construction, or protocol-level work on any major chain
- Hands-on experience with the Chia ecosystem: CLVM, CATs, NFTs, Data Layer, or Chia wallet RPC
- Strong TypeScript/Node.js skills for integrating blockchain operations into a Next.js / Fastify backend
- Deep understanding of digital signatures (BLS, ECDSA), DIDs, verifiable credentials, and key management best practices
- Experience with WalletConnect or similar wallet-bridging protocols for dApp ↔ wallet communication
- Comfort working across environments (simulator, testnet, mainnet) with feature flags and environment-specific configuration
- Strong testing discipline — you believe blockchain code requires higher test coverage than most application code
Nice to have
- Contributions to Chia open-source projects or community tooling
- Experience with other blockchain ecosystems (Ethereum, Solana, Cosmos) that can inform cross-chain strategy
- Familiarity with W3C Verifiable Credentials, DIDComm, or decentralized identity standards
- Background in PKI, certificate authorities, or digital trust infrastructure
What you’ll do
- Author, test, and maintain automated pentest modules across recon, vulnerability assessment, exploitation, and validation layers (L0–L15 and Omega tiers)
- Develop platform-specific detection logic for WordPress, Shopify, WooCommerce, Next.js, Laravel, Django, Rails, Magento, and other supported frameworks
- Integrate AI-assisted analysis (Claude) into the scanning pipeline: hypothesis generation, finding validation, remediation suggestion, and severity scoring
- Build a continuous evaluation framework that benchmarks scanner accuracy, false-positive rates, and coverage against known-vulnerable test environments
- Research and implement detection for emerging vulnerability classes — supply-chain attacks, API misconfigurations, client-side prototype pollution, SSRF chains
- Collaborate with the platform team to expose scanner findings through actionable, prioritized dashboards with clear remediation guidance for non-technical brand owners
- Contribute to Cyrolo's own application security: threat modeling, dependency auditing, secret rotation, and secure-coding standards across the monorepo
What we’re looking for
- 5+ years in offensive security, penetration testing, or security engineering with a focus on web applications
- Expert-level knowledge of OWASP Top 10, common CMS vulnerabilities, API security flaws, and cloud misconfigurations
- Strong programming skills in TypeScript or Python — you write security tools, not just run them
- Experience building or contributing to automated scanning/fuzzing frameworks (Burp extensions, Nuclei templates, custom tooling)
- Deep understanding of HTTP, TLS, DNS, authentication protocols (OAuth, JWT, SAML), and session management
- Familiarity with CMS internals (WordPress plugin architecture, Shopify Liquid, WooCommerce hooks) for targeted detection
- Relevant certifications (OSCP, OSWE, GPEN, GWAPT) or demonstrable equivalent experience
Nice to have
- Experience with AI/LLM-assisted security testing or automated exploit generation
- Published CVEs, bug bounty track record, or security conference talks
- Background in compliance scanning (PCI-DSS, SOC 2, ISO 27001) in addition to offensive testing
- Familiarity with BullMQ or similar job-queue architectures for distributed scanning workloads
What you’ll do
- Maintain and extend compliance scanner orchestrators for GDPR, CCPA, CNIL, LGPD, and Cookie Banner — ensuring each module reflects current regulatory text, enforcement guidance, and case law
- Build and improve detection modules: privacy-policy analysis, consent-mechanism validation, third-party tracker identification, cookie categorization, Do-Not-Sell link detection, and cross-border transfer checks
- Own the EUIPO trademark integration: filing-session management, goods-and-services classification, fee calculation, watch monitoring, and alert workflows via the euipo-service package
- Develop the qualified electronic signature (QES) pipeline — integrating with Trust Service Providers under eIDAS for legally binding document signing with full audit trails
- Create penalty-risk calculators and compliance-score algorithms that give brands quantified risk exposure across jurisdictions
- Write AI-powered report generators that transform raw scan findings into jurisdiction-specific, actionable compliance reports
- Work with external legal counsel to validate scanner accuracy and stay current on regulatory changes (EU AI Act, Digital Services Act, state-level US privacy laws)
What we’re looking for
- 4+ years of software engineering experience with at least 2 years focused on compliance, legal-tech, or regulatory technology
- Working knowledge of GDPR, CCPA/CPRA, ePrivacy Directive, and at least one additional privacy framework (LGPD, CNIL guidelines, UK GDPR)
- Strong TypeScript and Node.js skills — you will work in the same monorepo as the rest of engineering
- Experience consuming government or regulatory APIs (EUIPO, USPTO, WIPO, or similar IP office APIs)
- Familiarity with electronic signature standards: eIDAS, QTSP requirements, XAdES/PAdES/CAdES formats
- Ability to read regulatory text and translate it into deterministic scanner logic with clear pass/fail criteria
- Excellent attention to detail — compliance bugs have legal consequences
Nice to have
- Law degree, paralegal certification, or CIPP/E privacy certification
- Experience with trademark law, Nice Classification, or IP portfolio management
- Background in document-generation systems (PDF/A, digital seals, long-term archival)
- Familiarity with the EU AI Act, Digital Services Act, or Data Governance Act and their technical requirements
What you’ll do
- Own the Railway deployment pipeline for all four services (web, admin, API, worker), including zero-downtime deploys, health checks, rollback procedures, and environment management
- Design and implement comprehensive observability: structured logging, distributed tracing, error tracking, and real-time dashboards for worker job throughput, scan latency, and API response times
- Build and maintain CI/CD pipelines (GitHub Actions + Turborepo) with automated type-checking, linting, testing, Prisma migration validation, and preview deployments for pull requests
- Manage the Redis + BullMQ infrastructure: queue monitoring, dead-letter handling, retry policies, and autoscaling worker concurrency based on queue depth
- Optimize PostgreSQL performance: connection pooling (PgBouncer), query analysis, index tuning, and automated backup/restore procedures for the 95+ model schema
- Maintain the dual-repository sync pipeline between the monorepo and the standalone admin repo, ensuring atomic deployments and zero drift
- Implement security hardening: secret rotation, network policies, rate limiting, DDoS protection (Cloudflare), and access-control auditing across all environments
What we’re looking for
- 4+ years of DevOps, SRE, or platform engineering experience with production Node.js/TypeScript services
- Strong experience with container-based PaaS platforms (Railway, Render, Fly.io) or Kubernetes for deploying and scaling web applications
- Deep knowledge of PostgreSQL operations: replication, connection pooling, performance tuning, backup strategies, and migration management
- Hands-on experience with Redis for caching and job queues, including monitoring, persistence configuration, and memory management
- Proficiency with CI/CD systems (GitHub Actions, GitLab CI, or CircleCI) and infrastructure-as-code principles
- Experience with observability stacks: Datadog, Grafana, or similar — you build dashboards that teams actually use
- Strong scripting skills (Bash, TypeScript) and comfort with Turborepo or similar monorepo build systems
Nice to have
- Experience with Cloudflare (Workers, R2, WAF, Tunnel) or similar edge/CDN platforms
- Familiarity with BullMQ specifically, including Bull Board, pro features, and flow producers
- Background in SOC 2 or ISO 27001 compliance from an infrastructure perspective
- Experience with Prisma migrations in production environments and schema drift detection
Don’t see the right role?
We’re always interested in hearing from talented people. If you’re passionate about brand protection, AI, blockchain, or building great SaaS products, send us your resume.
We’ll keep your application on file and reach out when a matching role opens.