Security Software Engineer – Cryptography, Identity, Python

Wirtek Romania

contract

Posted on: 3/24/2026

Location Type: Hybrid

Location: Cluj-Napoca • Norway

✨ AI Apply

About the role

Architect & Develop: Build a robust Python backend to manage the lifecycle of X.509 certificates, AES, and DES keys.
Identity Orchestration: Implement complex authentication flows, including OAuth2/Entra ID integration and token exchange for HSM access.
Secure Integration: Establish secure communication via TLS-secured TCP to HashiCorp Vault and HSM environments.
Cryptographic Operations: Design and implement key wrapping, unwrapping, and derivation logic (master keys to product-specific keys).
Deployment: Containerize services using Docker and manage secure networking via reverse proxies (Traefik).

Strong Python Development: Proven experience building production-grade backend applications and consuming/implementing REST APIs.
Identity & Access: Deep understanding of OAuth2, OpenID Connect, and integration with Azure AD / Entra ID.
HSM Knowledge: Practical experience interfacing with Hardware Security Modules (e.g., Thales/Luna) via API/TLS protocols.
Cryptography Fundamentals: Proficiency in AES-128/256, DES/TDES, and secure key lifecycle management.
Infrastructure: Solid experience with Docker, Linux server operations, and TLS handshake mechanisms.
HashiCorp Vault: Experience with Vault operations, policy design, and secrets engines (nice-to-have).
Security Design: Experience in threat modeling and data-at-rest/transit protection (nice-to-have).
Network Security: Experience configuring ingress controllers/reverse proxies like Traefik (nice-to-have).

Benefits

On-site Work Expectations: Work on-site in Norway initially (first month). Remote work acceptable after first month.
Travel required for secure operations/testing.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

PythonREST APIsOAuth2OpenID ConnectAESDESDockerLinuxTLSCryptography