Security Software Engineer | Cryptography & Identity (Python)
TLDR
Develop a secure Python backend interfacing with Azure AD, HashiCorp Vault, and HSMs to manage token exchange, key lifecycle, and cryptographic operations.
About the job
This is a fixed-term project with an estimated duration of 3-4 months.
We are looking for a security-focused Backend Developer to bridge the gap between high-level application logic and deep-level cryptographic hardware. You will be responsible for building a mission-critical internal Python application that serves as the secure gateway between Azure AD, HashiCorp Vault, and Hardware Security Modules (HSM).
This is a role for a developer who understands that "security" isn’t just a checklist—it’s the core feature. You will work closely with the client’s lead technical expert to design and implement a modular architecture that handles everything from token exchange to master key derivation.
What you'll be doing:
- Architect & Develop: Build a robust Python backend to manage the lifecycle of X.509 certificates, AES, and DES keys.
- Identity Orchestration: Implement complex authentication flows, including OAuth2/Entra ID integration and token exchange for HSM access.
- Secure Integration: Establish secure communication via TLS-secured TCP to HashiCorp Vault and HSM environments.
- Cryptographic Operations: Design and implement key wrapping, unwrapping, and derivation logic (master keys to product-specific keys).
- Deployment: Containerize services using Docker and manage secure networking via reverse proxies (Traefik).
What you need to be successful:
Must-Haves:
- Strong Python Development: Proven experience building production-grade backend applications and consuming/implementing REST APIs.
- Identity & Access: Deep understanding of OAuth2, OpenID Connect, and integration with Azure AD / Entra ID.
- HSM Knowledge: Practical experience interfacing with Hardware Security Modules (e.g., Thales/Luna) via API/TLS protocols.
- Cryptography Fundamentals: Proficiency in AES-128/256, DES/TDES, and secure key lifecycle management.
- Infrastructure: Solid experience with Docker, Linux server operations, and TLS handshake mechanisms.
Nice-to-Haves:
- HashiCorp Vault: Experience with Vault operations, policy design, and secrets engines.
- Security Design: Experience in threat modeling and data-at-rest/transit protection.
- Network Security: Experience configuring ingress controllers/reverse proxies like Traefik.
On-site Work Expectations
The consultant should work on-site in Norway initially (first month or until fully productive). After that, remote work is acceptable, but the consultant must travel when certain secure operations/testing are required.
Wirtek specializes in delivering comprehensive cyber security solutions tailored for advanced technology companies worldwide. By addressing security needs across varied technology domains—such as cloud, web, endpoint, and network—they empower businesses to navigate the complexities of today's digital landscape with confidence.