About the opportunity

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

We are looking for a committed and driven Security Engineer with experience securing enterprise systems in modern, cloud-native and Software-as-a-Server (SaaS) based architectures. In this role, you will support day-to-day security operations while partnering with cross-functional teams, including information technology and data teams, to design, deliver, and enhance practical, scalable security solutions across the organization. Key initiatives may include threat modeling, assessing the security of third-party platforms, automating and streamlining inefficient processes, and integrating security solutions across enterprise environments.

This is a hands-on role focused on building and scaling security through engineering, automation, and collaboration. You will help shape and mature an enterprise security function by embedding security into internal systems and workflows, supporting secure use of third-party SaaS platforms, and partnering with teams to reduce risk without slowing the business. This role offers the opportunity to apply deep technical skills while making a meaningful impact on how security is delivered across the organization.

What to expect?

• Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.
• Lead security assessments and remediation for enterprise cloud environments, internal systems, and third-party systems to proactively identify and address risk.
• Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues.
• Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.
• Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen security of systems and environments.
• Drive security and monitoring enhancements across enterprise cloud and SaaS workloads, platforms, and supporting infrastructure.
• Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.
• Build and automate security controls to scale access reviews, evidence collection, and compliance activities.
• Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.
• Advance identity and access management controls across enterprise systems, including least privilege, just-in-time access, conditional access, and zero trust.
• Enhance and automate controls to assess, manage, and secure third-party SaaS systems and vendors.

What you need to be successful?

• 4+ years of security engineering, DevSecOps, or equivalent experience.
• Ability to support on call for occasional off-hours incident response efforts.
• Hands-on expertise with AWS architecture, services, and security features.
• Additional exposure to Cloudflare, GCP, and/or Azure is valued.
• Proficiency in Python to build and maintain security tools.
• Familiarity securing cloud platforms, including configuration, access controls, and runtime protection.
• Exposure to Javascript and Go with the ability to perform security code reviews.
• Experience using Terraform to build, deploy, and maintain  infrastructure as code.
• Strong foundational networking knowledge of cloud networking concepts, OSI model, TCP/IP, and routing.
• Practical knowledge of email architecture and controls, including SMTP, MX records, SPF, DKIM, and DMARC.
• Experience hardening Mac, Windows, and Linux systems
• Hands on experience with MDM providers, endpoint protection tools, and posture management controls.
• Demonstrable ability to embed security considerations throughout the software development lifecycle.
• Hands-on involvement supporting vulnerability management and incident response functions.
• Familiarity with authentication and authorization protocols and mechanisms (OAuth, SAML, JWT, IAM)
• Experience identifying and mitigating OWASP Top 10 vulnerabilities in web applications and APIs.
• Clear and effective communication skills.
• Ability to articulate security risks and tradeoffs to both technical and semi-technical audiences.
• A proactive, growth-oriented mindset focused on continuous learning, innovation, and raising security standards.
• Passion designing and performing hands-on implementation work.
• Ability to work in a fast-paced environment, often juggling multiple projects.
• Ability to integrate systems through APIs, parsing, normalizing, and integrating datasets.
• Experience identifying and mitigating risks in enterprise, SaaS, and custom build systems.
• Experience securing third party third-party services, through reviews, custom integration, and monitoring.
• Hands on experience with leading identity providers and cloud provider entitlements.
• Practical mindset to balance business needs with security requirements.
• Ability to drive change through continuous improvement.
• Capable of working independently and collaboratively as a team.
• Comfortable working with a geographically dispersed team.

What's in it for you?

• Join an ambitious tech company reshaping the way people build digital experiences
• Full-time employees receive Stock Options for the opportunity to share in the success of our company
• Comprehensive healthcare package covering 100% of monthly health premiums for employees  and 85% of costs for your dependents. 
• Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
• We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, sick days, compassion days for loss,  education days, and volunteer days
• Company paid parental leave to care for and focus on your growing family 
• Use your personal annual education budget to improve your skills and grow in your career
• Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties 
• An annual wellbeing stipend to care for your physical, financial, or emotional health
• A monthly communication stipend and phone hardware upgrade reimbursement.
• New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

This role will need to be conducted in a state in which we are currently registered to do business. 

New York Salary Statement: The salary range displayed is specifically for those potential hires who will work or reside in the state of New York if selected for the role. Any offered salary is determined based on internal equity, internal salary ranges, market data/ranges, applicant's skills and prior relevant experience, certain degrees and certifications (e.g. JD/technology), for example.

New York Salary Range: $153,000 - $207,000
[This position is eligible for equity awards in accordance with the terms of Contentful’s equity plans.]