About the Opportunity
Candidates must be located in the eastern time zone
Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.
We are looking for a committed and driven Security Engineer with experience working in cloud-native product infrastructure and corporate environments. In this role, you will manage daily alerts and operations while leading broader collaborative initiatives, such as architecture design, threat modeling, and vulnerability identification, to drive meaningful security improvements. Candidates should be skilled in cloud-native technologies, with demonstrable proficiency in infrastructure-as-code and application development.
This hands-on role offers an opportunity to grow your expertise in cloud technologies and security tooling while making a meaningful impact by embedding security practices and supporting secure third-party integrations in a fast-paced software-as-a-service environment.
What to Expect
- Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.
- Lead security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to proactively identify and address risk.
- Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues across product and corporate environments.
- Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.
- Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen the security of systems and environments.
- Advance the development, customization, and maintenance of hardening standards and monitoring mechanisms for systems and environments.
- Drive security and monitoring enhancements to containerized workloads and orchestration platforms.
- Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.
- Collaborate in defining and monitoring evolving security compliance and regulatory requirements.
- Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.
What You Need to Be Successful
- 4+ years of security engineering, DevSecOps, or equivalent experience.
- Hands-on expertise with AWS architecture, services, and security features.
- Proficiency in Python to build and maintain security tools.
- Familiarity with Kubernetes and container security, including configuration and runtime protection.
- Exposure to JavaScript and Go with the ability to perform security code reviews.
- Experience using Terraform to build, deploy, and maintain infrastructure as code.
- Strong foundational networking knowledge covering cloud networking concepts, the OSI model, TCP/IP, and routing fundamentals.
- Demonstrable ability to embed security considerations throughout the software development lifecycle.
- Hands-on involvement supporting vulnerability management and incident response functions.
- Familiarity with authentication and authorization protocols and mechanisms (OAuth, SAML, JWT, IAM)
- Experience identifying and mitigating OWASP Top 10 vulnerabilities in web applications and APIs.
- Clear and effective communication skills.
- Ability to articulate security risks and tradeoffs to both technical and semi-technical audiences.
- A proactive, growth-oriented mindset focused on continuous learning, innovation, and raising security standards.
- Passionate about designing and performing hands-on implementation work.
- Ability to work in a fast-paced environment, often juggling multiple projects.
This role will need to be conducted in a state in which we are currently registered to do business. In addition, this position is not eligible for visa sponsorship. Applicants must be authorized to work without the need for visa sponsorship by the start date of employment.
Who are we?
Contentful is a leading digital experience platform that helps modern businesses meet the growing demand for engaging, personalized content at scale. By blending composability with native AI capabilities, Contentful enables dynamic personalization, automated content delivery, and real-time experimentation, powering next-generation digital experiences across brands, regions, and channels for more than 4,200 organizations worldwide. More than 700 people from more than 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, Denver, San Francisco, London, New York, and distributed worldwide.
Everyone is welcome here!
“Everyone is welcome here” is a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences, and we are proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical [dis]ability, or length of time spent unemployed. We invite you to apply and join us!
If you need reasonable accommodations at any point during the application or interview process, please let your recruiting coordinator know.
_Please be aware of scammers who may fraudulently allege to be from Contentful. These types of fraud can be carried out through copycat websites, fake email addresses claiming to be from our company, or social media. We do not ask for your personal information, such as bank account numbers, identification numbers, etc, through social media or chat-based apps, nor do we request or send money for the purchase of business equipment. If you suspect fraud, please report it to your local authorities, as well as reach out to us at security-esk@contentful.com _with any information you may have.
By clicking “Apply for this job,” I acknowledge that I have read the “Contentful’s Candidate Privacy Notice” and hereby consent to the collection, processing, use, and storage of my personal information as described therein.