Protecting one billion people from cyber threats? If you find this proposition more exciting than scary, come on board and grow with us.
Whalebone is a global company working on user-centric cybersecurity products for telcos, ISPs, enterprises, public institutions, and governments that provide millions of everyday internet users unyielding protection from malware, phishing schemes, ransomware, and other malicious digital attacks without the need for them to download anything. Whalebone is headquartered in Brno, Czech Republic.
At this point, Whalebone has 400+ customers in telecommunications and corporate sectors (A1, O2 Telefonica, Tele2, Panasonic, Bauhaus, and many others) around the globe. With over 100 team members of multiple nationalities, Whalebone ranked 22nd in Deloitte’s list of fastest-growing companies in Central Europe.
You will work closely with our CISO and collaborate across the entire company. The team’s mission is to protect Whalebone’s business, products, and customers by proactively managing cybersecurity risks, ensuring compliance with international standards, and raising security awareness company-wide.
In this role, you will partner with Legal, R&D, and customer-facing teams to meet strict customer and regulatory requirements while supporting secure product growth and long-term trust.
Responsibilities
- Own and continuously improve Whalebone’s compliance with international security standards and regulatory requirements.
- Define, maintain, and enforce security policies, processes, and controls across the organization.
- Prepare the company for external audits and new certifications (e.g. SOC 2).
- Manage and evolve internal security tooling, ensuring effective protection of people, devices, and data.
- Actively monitor cybersecurity risks and emerging threats, introducing timely mitigation measures.
- Handle incoming vulnerability reports and coordinate their assessment and resolution.
- Support customer-facing teams by answering security-related questions and building customer trust.
- Collaborate with R&D and Legal teams on product-related security decisions and regulatory compliance.
Requirements
2+ years of experience in information security, cybersecurity, or a related role.
- Experience working with security standards or regulatory frameworks (e.g. ISO, GDPR).
- Experience preparing organizations for audits or certifications.
- Solid understanding of cryptography principles and common threat vectors.
- Basic understanding of malware behavior and modern attack techniques.
- Ability to clearly explain cybersecurity topics to both technical and non-technical colleagues.
- Proactive mindset with the ability to identify future security priorities independently.
Nice to have
- Cybersecurity certifications (e.g. CISSP, CISM, Security+).
- Hands-on experience with vulnerability management or product security monitoring.
- Familiarity with budgeting or planning security investments.
- Experience with Endpoint Protection, Log Management, Mobile Device Management
- Experience with securing Google Workspace and similar SaaS environments
Why to work with us?
- Flexible working hours and the possibility of HO
- 20+5 vacation days, a rewarding financial package, performance bonuses, and the option to choose ESOP as a benefit.
- Make a meaningful difference in the world by protecting both everyday people and important institutions from cyberattacks.
- Equipment of choice - use the budget and choose what is best for you
- Terrace - beautiful view and available for private parties
- Regular events & teambuilding - grill, enjoy pub quiz or have breakfast with us
Position details
- Work setup: On-site
- Location: Jezuitská 14/13, Brno, Czech Republic
- Job type: Full-time
