Security Engineer

About Contentful

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

Job Summary

We are looking for a committed and driven Security Engineer with experience working in cloud-native product infrastructure and corporate environments. In this role, you will manage daily alerts and operations while leading broader collaborative initiatives such as architecture design collaboration, threat modeling, and vulnerability identification, to drive meaningful security improvements.

Key Responsibilities

• Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.
• Lead security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to proactively identify and address risk.
• Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues across product and corporate environments.
• Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.
• Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen security of systems and environments.
• Advance the development, customization, and maintenance of hardening standards, and monitoring mechanisms for systems and environments.
• Drive security and monitoring enhancements to containerized workloads and orchestration platforms.
• Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.
• Collaborate in defining and monitoring evolving security compliance and regulatory requirements.
• Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.

Requirements

• 4+ years of security engineering, DevSecOps, or equivalent experience.
• Hands-on expertise with AWS architecture, services, and security features.
• Proficiency in Python to build and maintain security tools.
• Familiarity with Kubernetes and container security, including configuration and runtime protection.
• Exposure to Javascript and Go with the ability to perform security code reviews.
• Experience using Terraform to build, deploy, and manage infrastructure.