Security Engineer

About the opportunity

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

We are looking for a committed and driven Security Engineer with experience securing enterprise systems in modern, cloud-native and Software-as-a-Server (SaaS) based architectures. In this role, you will support day-to-day security operations while partnering with cross-functional teams, including information technology and data teams, to design, deliver, and enhance practical, scalable security solutions across the organization. Key initiatives may include threat modeling, assessing the security of third-party platforms, automating and streamlining inefficient processes, and integrating security solutions across enterprise environments.

This is a hands-on role focused on building and scaling security through engineering, automation, and collaboration. You will help shape and mature an enterprise security function by embedding security into internal systems and workflows, supporting secure use of third-party SaaS platforms, and partnering with teams to reduce risk without slowing the business. This role offers the opportunity to apply deep technical skills while making a meaningful impact on how security is delivered across the organization.

What to expect?

• Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.
• Lead security assessments and remediation for enterprise cloud environments, internal systems, and third-party systems to proactively identify and address risk.
• Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues.
• Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.
• Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen security of systems and environments.
• Drive security and monitoring enhancements across enterprise cloud and SaaS workloads, platforms, and supporting infrastructure.
• Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.
• Build and automate security controls to scale access reviews, evidence collection, and compliance activities.
• Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.
• Advance identity and access management controls across enterprise systems, including least privilege, just-in-time access, conditional access, and zero trust.
• Enhance and automate controls to assess, manage, and secure third-party SaaS systems and vendors.

What you need to be successful?

• 4+ years of security engineering, DevSecOps, or equivalent experience.
• Ability to support on call for occasional off-hours incident response efforts.
• Hands-on expertise with AWS architecture, services, and security features.
• Additional exposure to Cloudflare, GCP, and/or Azure is valued.
• Proficiency in Python to build and maintain security tools.
• Familiarity securing cloud platforms, including configuration, access controls, and runtime protection.
• Exposure to Javascript and Go with the ability to perform security code reviews.
• Experience using Terraform to build, deploy, and maintain  infrastructure as code.
• Strong foundational networking knowledge of cloud networking concepts, OSI model, TCP/IP, and routing.
• Practical knowledge of email architecture and controls, including SMTP, MX records, SPF, DKIM, and DMARC.
• Experience hardening Mac, Windows, and Linux systems
• Hands on experience with MDM providers, endpoint protection tools, and posture management controls.
• Demonstrable ability to embed security considerations throughout the software development lifecycle.
&l