Overview

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

We are looking for a committed and driven Security Engineer (f/m/d) with experience working in cloud-native product infrastructure and corporate environments. In this role, you will manage daily alerts and operations while leading broader collaborative initiatives such as architecture design collaboration, threat modeling, and vulnerability identification, to drive meaningful security improvements. Candidates should be skilled in cloud-native technologies with demonstrable proficiency in infrastructure as code and application development.

This hands-on role offers an opportunity to grow your expertise in cloud technologies and security tooling while making meaningful impact by embedding security practices and supporting secure third-party integrations in a fast-pacted software-as-a-service environment.

What to expect

• Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.
• Lead security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to proactively identify and address risk.
• Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues across product and corporate environments.
• Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.
• Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen security of systems and environments.
• Advance the development, customization, and maintenance of hardening standards, and monitoring mechanisms for systems and environments.
• Drive security and monitoring enhancements to containerized workloads and orchestration platforms.
• Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.
• Collaborate in defining and monitoring evolving security compliance and regulatory requirements.
• Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.

What you need to be successful

• 4+ years of security engineering, DevSecOps, or equivalent experience.
• Hands-on expertise with AWS architecture, services, and security features.
• Proficiency in Python to build and maintain security tools.
• Familiarity with Kubernetes and container security, including configuration and runtime protection.
• Exposure to Javascript and Go with the ability to perform security code reviews.
• Experience using Terraform to build, deploy, and maintain infrastructure as code.
• Strong foundational networking knowledge covering cloud networking concepts, OSI model, TCP/IP, and routing fundamentals.
• Demonstrable ability to embed security considerations throughout the software development lifecycle.
• Hands-on involvement supporting vulnerability management and incident response functions.
• Familiarity with authentication and authorization protocols and mechanisms (OAuth, SAML, JWT, IAM).
• Experience identifying and mitigating OWASP Top 10 vulnerabilities in web applications and APIs.
• Clear and effective communication skills.
• Ability to articulate security risks and tradeoffs to both technical and semi-technical audiences.
• A proactive, growth-oriented mindset focused on continuous learning, innovation, and raising security standards.
• Passion designing and performing hands-on implementation work.
• Ability to work in a fast-paced environment, often juggling multiple projects.

What’s in it for you?

• Join an ambitious tech company reshaping the way people build digital experiences.
• Full-time employees receive Stock Options for the opportunity to share in the success of our company.
• Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
• We value Work-Life balance and You Time. A generous amount of paid time off, including vacation days, sick days, education days, compassion days for loss, and volunteer days.
• Time off to care for and focus on your growing family.
• Use your personal annual education budget to improve your skills and grow in your career.
• Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and team activities, supporting learning and networking beyond the usual work duties.
• An annual wellbeing stipend to care for your physical, financial, or emotional health.
• A monthly communication phone/internet stipend and phone hardware upgrade reimbursement.
• New hire office equipment stipend for hybrid or distributed employees.

Who are we?

Contentful is a leading digital experience platform that helps modern businesses meet the growing demand for engaging, personalized content at scale. By blending composability with native AI capabilities, Contentful enables dynamic personalization, automated content delivery, and real-time experimentation, powering next-generation digital experiences across brands, regions, and channels for more than 4,200 organizations worldwide. More than 700 people from more than 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, Denver, San Francisco, London, New York, and distributed worldwide.

Everyone is welcome here! We strive to create an inclusive environment that empowers our employees. We are an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed. If you need reasonable accommodations at any point during the application or interview process, please let your recruiting coordinator know.

Please be aware of scammers who may fraudulently allege to be from Contentful. We do not ask for personal information through social media or chat-based apps. If you suspect fraud, report it to your local authorities and contact security-esk@contentful.com with any information you may have.

By clicking “Apply for this job,” you acknowledge that you have read the Contentful’s Candidate Privacy Notice and consent to the collection, processing, use, and storage of your personal information as described therein.