Senior Security Engineer

About the Opportunity Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes. We are looking for a committed and driven Senior Security Engineer to lead and shape security initiatives across both Contentful’s cloud-native product infrastructure and corporate environments. In this role, you will manage daily alerts and operations while applying deep expertise in cloud technologies and security tooling, collaborating closely with cross functional teams to embed security across the business. You will own and drive continuous improvement of key components of our security program, including threat modeling, risk assessments, architectural design collaboration, and rapid detection and response of incidents.This hands-on role offers deep technical skills development, along with the ability to influence strategic direction of the company’s architecture and security posture. What to expect Lead initiatives, drive cross-functional prioritization, and partner on execution to advance security efforts across the organization. Proactively identify, prioritization, and lead complex security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to drive measurable risk reduction. Support vulnerability management efforts while advancing the program by identifying systemic gaps, expanding coverage, automating workflows, and partnering with cross functional teams to prioritize and drive scalable remediation. Identify deficiencies, architect, and build scalable security solutions to improve coverage, efficiency, and resilience across security disciplines. Develop and maintain scalable hardening standards and monitoring mechanism, leading adoption and long term integration across the organization. Lead and contribute to incident investigations by executing established processes, conducting independent analysis, and coordinating effective response and remediation efforts Design and maintain robust detection and response capabilities for cloud and container environments. Stay current on emerging threats, vulnerabilities, and attacker tactics, translating insights into actionable strategies. Mentor and guide others, fostering a culture of security awareness and best practices. Support security compliance maintenance through control ownership, automated maintenance, and enable technical teams by translating requirements into practical, actionable solutions. Communicate complex and technical concepts clearly to leadership and stakeholders. Collaborative, open to diverse opinions, and can give reasons for your technical decisions Excited to work with and learn from other engineers. Experience with backend and frontend technologies, including frameworks like React. Knowledge of Node.js is a plus, and TypeScript experience is highly desirable. A passion for learning and experimentation. A builder mentality and desire to deliver. What you need to be successful 8+ years of security engineering, DevSecops, or equivalent experience Expertise with AWS, GCP, and Cloudflare architecture, services, and security features Design, implement, and maintain secure CI/CD pipelines by integrating automated security controls such as SAST, DAST, dependency vulnerability scanning, and secrets management. Proven experience designing and implementing security architecture aligned with business and technical strategies across cloud and application environments. Mastery in Python to build and maintain security tools. Exposure to Javascript and Go with the ability to perform security code reviews. Deep knowledge securing Kubernetes clusters and containers, including configuration and runtime protection. Hands-on experience using ... (truncated, view full listing at source)