Security Engineer

Remote /
Product & Technology – Engineering /
Whereabouts: At Whereby we work from everywhere within CET +/- 7 hours, however, especially for roles focusing on security we do have some limitations, as described here
Interviews: Around 4-6 hours over a few weeks, including some practical work
Salary: £65,000 - £72,000 (Depending on seniority)
Other: Please note that this process will involve a full criminal records and background check

“I’ve never seen a job being done by a five-hundred-person engineering team that couldn’t be done better by fifty people.” - C. Gordon Bell

Ask us anything: or check out our FAQ for candidates here

Your mission at Whereby*
Make security a differentiator for Whereby, by strengthening our security practices and build processes and systems to stay ahead of customers' expectations and threat scenarios in the market.

*This is the mission that moves you and your team through our strategic roadmap, and should be your focus for up to a year or two.

What is Whereby all about
Freedom to work from anywhere: our mission with Whereby is to give people freedom to live and work where they thrive.

📍 Our global HQ is in Oslo, Norway, but our users (and team) are worldwide - having been used in nearly every country in the world by millions of folk. 🌏
By making it possible to collaborate as well over video as you can in real life, we want to give you the choice to work from where your life happens. To allow you to be in a place where you can think and focus, but also allow a seamless and instant connection with others when you need to.
For our 70 team members, and also for our customers, we know that the ability to decouple location from work can be life-changing. They can afford the house they want, can spend less time commuting, be closer to nature, and their children get to grow up seeing their grandparents every day. Everyone on our team enjoys the enormous benefits that a flexible work policy brings, and we truly believe the future of work will gravitate towards our vision of the future.

Engineering at Whereby
We strongly believe in the superpowers of a well-led, and expertly designed engineering team. We are an engineering-centric business who hopes to scale our operation sustainably, with beautiful code, an ethical approach to our users and data, and an innovative opinion on new technologies in the market.

We try to ensure both that we're building the right thing and building the thing right. We analyse data, talk to users, prototype and iterate. We focus on discovering and solving user problems, not just building and shipping features. 

Working with security at Whereby means that your work will span across all engineering teams and the company at large.

🔍 What we're looking for in a Security Engineer
We're looking for an engineer with hands-on security experience. You'll work with other engineers and our Information Security Lead to implement security practices, develop scalable systems and tools, and embed a security-conscious approach across all our teams.

We expect you to be motivated by understanding the intricacies of our platform, identifying and mitigating risks, and implementing scalable solutions.

🌎 We believe in everyone
We fundamentally believe talent is distributed to all of us in equal measure. We open our doors (physical or URL) to everyone and we see our differences as a strength; it’s this philosophy that drives us towards our mission.
This means we see your unique history as having a value money cannot buy; we believe in the strength of every intersection of race, religion or belief, ethnic origin, different physical ability, family structure, socio-economics, age, nationality or citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity.

⚒️ The nuts and bolts of the role*
* Please do not see everything in this job ad as "must have", but rather a guiding list of what we're looking for. We know that no candidate will be the perfect match for all we've mentioned in this posting, so don't be afraid to apply if you feel you're close to the brief but not "spot on".

We are prioritising attitude, aptitude, and the kinds of projects you've worked on in favour of years' experience. With that said, you may be a good fit if you...

Your previous experience

    • Have experience in a hands-on engineering role with security or infrastructure focus.
    • Have managed and secured cloud infrastructure (we use AWS)
    • May have also managed physical hardware in data centres
    • Have experience with penetration testing and tools, for example Burp Suite or Metasploit
    • Have previously worked with Network monitoring systems, IDS/IPS, web application firewalls and audit tools
    • See yourself as an evangelist of security, encouraging engineers across the company to build secure software
    • See yourself configuring infrastructure, diving into application code, making tooling and technology choices, conducting training for colleagues, or anything else needed to move security forward at Whereby
    • Are open-minded to other perspectives and able to present your ideas effectively to a broad range of people and professions
    • Are a really nice person with loads of ambition!

Your attributes

    • Self-directed
    • Creative
    • Detail-oriented
    • Design-thinker
    • Collaborative

🌟 How we'll measure your success

    • We have all the monitoring necessary to build confidence in our security posture
    • Our continuous delivery processes are enabling us to quickly and regularly ship software with a high level of security
    • The product and infrastructure is at a stage where we can have an open bounty program

Strategic responsibilities

    • Work with our Information Security Lead to develop security strategy at Whereby, building systems and processes that empower teams to move quickly and safely

Tactical responsibilities

    • Develop our approach to application security, consulting with engineers across the org to improve security practices
    • Perform threat-modelling to identify risks and work with engineers from across Whereby to mitigate them
    • Automate and manage system access controls and permissions
    • As long as the projects you’d work on are directly relevant to security at Whereby we’ll be open to adapt the tactical responsibilities of the role to the priorities set by you and your manager after getting to know you better

Foundational responsibilities

    • Ensure both our cloud infrastructure and other data centres are secure
    • Automate security processes and monitoring
    • Manage keys, certificates and other secrets
    • Respond to incidents, make and implement follow-up recommendations
    • Have fun, learn and share your knowledge and expertise while doing so
Your progression
In this role you'll be able to directly impact how we stay ahead of customers' security expectations and mitigate threat scenarios in the market. There's lots of scope for you to be self-directed, and develop your influence and leadership skills here.
There's also time (and budget) to help you deepen your security expertise and become a specialist in particular areas of your domain.
Over time, you should form an idea of whether you want to lead our security engineering efforts, or specialize within your field and role. As we expect our security function to grow, both paths will be available to you.

You've read all this way... you may as well apply! 🙌

If you have any more questions, take a peek at our Recruitment FAQ on Notion or drop us an email to