About the job

whitson grew by >100% last year, and to continue our growth we're looking for 2 new software engineers with start date asap!

What we are looking for

We’re looking for a hands-on and motivated Cloud Security & Optimization Engineer to help us strengthen and scale the cloud infrastructure behind Whitson’s software products — both the platforms we’ve already built and the exciting softwares we’ll build in the future.

In this role, you’ll work closely with our CTO and engineering team to ensure our systems are secure, reliable, and efficient. Your focus will be on improving how we manage cloud resources, protect our data, and meet important security and compliance standards (like SOC 2 and ISO 27001).

You’ll play a key part in shaping our infrastructure — helping us reduce costs, boost performance, and keep everything running smoothly and safely. We’re looking for someone who enjoys problem solving, has real-world experience working with cloud platforms and containers (like Docker and Kubernetes), and is eager to take ownership of meaningful work.

If you enjoy building systems that are secure, efficient, and ready for scale — and want to grow as an engineer while working with a collaborative team on important, long-term products — we’d love to hear from you.

Key Responsibilities:

• Cloud Optimization Leadership: Drive initiatives focused on optimizing our cloud footprint across key dimensions: performance tuning, security posture enhancement, operational reliability, and cost management.

• Compliance and Governance: Assist in implementing and automating security controls to meet compliance requirements (e.g., SOC 2, ISO 27001, PCI-DSS, HIPAA, GDPR) and internal policies.

• Security:

o Cloud Architecture: Provide expertise and guidance on secure cloud architecture patterns and best practices across SaaS environments.

o Infrastructure: Implement and manage security configurations for cloud infrastructure in GCP.

o Container: Secure containerized environments (Docker, Kubernetes), including image scanning, runtime security, network policies, and secrets management within orchestrators.

o Automation: Develop scripts and tools (Python, Bash, Go, etc.) to automate security tasks, monitoring, alerting, and incident response processes.

• Vulnerability Management: Implement and manage vulnerability scanning tools for infrastructure, applications, and dependencies; prioritize and drive remediation efforts.

• Mentorship: Potentially mentor junior engineers and share security knowledge across teams.

Skills We’re Looking for:

• Experience: experience in DevOps, Security Engineering, or cloud engineering roles.
• Containerization: Solid experience with Docker and container orchestration platforms like Kubernetes, including securing clusters and container lifecycles.
• Scripting/Automation: Proficiency in scripting languages such as Python or Bash for automation.
• Operating Systems: Proficient with Linux Server environments.
• Cloud Proficiency: Hands-on experience with configurations in at least one major cloud provider (AWS, Azure, or GCP).
• Technical Depth: Good understanding of core cloud services as compute, storage, networking, databases, serverless, containers, security, and monitoring.
• Security Concepts: Understanding of core security principles, networking concepts (TCP/IP, DNS, VPNs, firewalls, WAFs), encryption, identity and access management (IAM), OWASP Top 10, and threat modeling.
• Analytical Skills: Strong analytical and problem-solving skills, with the ability to interpret data (cost, performance, security) to drive optimization decisions.
• Collaboration: Excellent communication, collaboration, and problem-solving skills.
• Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience.

Bonus Point for:

• Cloud Optimization Expertise: Proven, hands-on experience optimizing existing cloud environments across cost, performance, security and/or reliability.
• Compliance frameworks: Experience with SOC 2- and ISO 27001 certifications.
• CI/CD Expertise: Proven experience building, securing, and managing CI/CD pipelines using tools like Jenkins, GitLab CI, Azure DevOps, GitHub Actions, CircleCI, etc.
• Security Tools: Hands-on experience with security tools such as:

o SAST (e.g., SonarQube, Checkmarx, Veracode)

o DAST (e.g., OWASP ZAP, Burp Suite, Veracode)

o SCA (e.g., Snyk, Black Duck, Nexus IQ)

o Vulnerability Scanners (e.g., Nessus, Qualys, OpenVAS)

o Secrets Management (e.g., HashiCorp Vault, Cloud Provider KMS/Secrets Manager)

You Have

• A completed Technical Bachelor’s and/or master’s degree, or have proven track record (not strictly required)
• Strong English speaking and writing skills
• Eagerness to learn and enthusiasm about your work

What can we offer you?

We reward quality when we see it and compensation is therefore based on the knowledge you will bring to whitson. As we are a growing organization, you have the opportunity to really make a difference within whitson and grow with us. We offer a passionate environment, which allows you to further develop and expand your knowledge and expertise.

Conditions

• Location: Oslo
• Deadline: 15 May 2025
• Start date: ASAP

Hiring Process

• Send us: Your application | CV | Grade transcript | Link to your GitHub account, and/or any reference projects. [email protected]
• Relevant candidates will be called for an interview
• Associated programming task to be completed within 2 weeks