Security Engineer

<h2 style="text-align: left;"><strong>About the opportunity</strong></h2> <p>Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.</p> <p>We are looking for a committed and driven Security Engineer with experience securing enterprise systems in modern, cloud-native and Software-as-a-Server (SaaS) based architectures. In this role, you will support day-to-day security operations while partnering with cross-functional teams, including information technology and data teams, to design, deliver, and enhance practical, scalable security solutions across the organization. Key initiatives may include threat modeling, assessing the security of third-party platforms, automating and streamlining inefficient processes, and integrating security solutions across enterprise environments.</p> <p>This is a hands-on role focused on building and scaling security through engineering, automation, and collaboration. You will help shape and mature an enterprise security function by embedding security into internal systems and workflows, supporting secure use of third-party SaaS platforms, and partnering with teams to reduce risk without slowing the business. This role offers the opportunity to apply deep technical skills while making a meaningful impact on how security is delivered across the organization.</p> <h2 style="text-align: left;"><strong>What to expect?</strong></h2> <ul> <li>Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.</li> <li>Lead security assessments and remediation for enterprise cloud environments, internal systems, and third-party systems to proactively identify and address risk.</li> <li>Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues.</li> <li>Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.</li> <li>Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen security of systems and environments.</li> <li>Drive security and monitoring enhancements across enterprise cloud and SaaS workloads, platforms, and supporting infrastructure.</li> <li>Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.</li> <li>Build and automate security controls to scale access reviews, evidence collection, and compliance activities.</li> <li>Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.</li> <li>Advance identity and access management controls across enterprise systems, including least privilege, just-in-time access, conditional access, and zero trust.</li> <li>Enhance and automate controls to assess, manage, and secure third-party SaaS systems and vendors.</li> </ul> <h2 style="text-align: left;"><strong>What you need to be successful?</strong></h2> <ul> <li>4+ years of security engineering, DevSecOps, or equivalent experience.</li> <li>Ability to support on call for occasional off-hours incident response efforts.</li> <li>Hands-on expertise with AWS architecture, services, and security features.</li> <li>Additional exposure to Cloudflare, GCP, and/or Azure is valued.&lt ... (truncated, view full listing at source)