Contentful is a leading digital experience platform that helps modern businesses meet the growing demand for engaging, personalized content at scale. They are seeking an Application Security Engineer to lead and shape security initiatives across their cloud-native product infrastructure and corporate environments, focusing on enhancing their security posture and managing security assessments.
Responsibilities:
- Lead initiatives, drive cross-functional prioritization, and partner on execution to advance security efforts across the organization
- Proactively identify, prioritize, and lead complex security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to drive measurable risk reduction
- Support vulnerability management efforts while advancing the program by identifying systemic gaps, expanding coverage, automating workflows, and partnering with cross-functional teams to prioritize and drive scalable remediation
- Identify deficiencies, then architect and build scalable security solutions to improve coverage, efficiency, and resilience across security disciplines
- Develop and maintain scalable hardening standards and monitoring mechanisms, leading adoption and long-term integration across the organization
- Lead and contribute to incident investigations by executing established processes, conducting independent analysis, and coordinating effective response and remediation efforts
- Design and maintain robust detection and response capabilities for cloud and container environments
- Stay current on emerging threats, vulnerabilities, and attacker tactics, translating insights into actionable strategies
- Mentor and guide others, fostering a culture of security awareness and best practices
- Support security compliance maintenance through control ownership and automated maintenance, and enable technical teams by translating requirements into practical, actionable solutions
- Communicate complex and technical concepts clearly to leadership and stakeholders
- Collaborative, open to diverse opinions, and able to give reasons for your technical decisions
- Excited to work with and learn from other engineers
Requirements:
- 4+ years of security engineering, DevSecOps, or equivalent experience
- Expertise with AWS, GCP, and Cloudflare architecture, services, and security features
- Design, implement, and maintain secure CI/CD pipelines by integrating automated security controls such as SAST, DAST, dependency vulnerability scanning, and secrets management
- Proven experience designing and implementing security architecture aligned with business and technical strategies across cloud and application environments
- Mastery in Python to build and maintain security tools
- Exposure to JavaScript and Go with the ability to perform security code reviews
- Deep knowledge of securing Kubernetes clusters and containers, including configuration and runtime protection
- Hands-on experience using Terraform and other infrastructure-as-code tools to maintain integrity in cloud environments
- Demonstrated success driving vulnerability management, threat modeling, and incident response at scale
- Proficiency with authentication and authorization protocols and mechanisms (OAuth, SAML, JWT, IAM) to secure identity and access management
- Strong foundational networking expertise including cloud networking architectures, OSI model, TCP/IP protocols, routing, and firewall concepts
- Deep expertise in OWASP Top 10 and other application security frameworks, with proven success driving secure development practices and assessments
- Working knowledge of applying compliance framework controls including SOC 2 and ISO 27001
- Excellent problem-solving skills and ability to influence security strategy across teams
- Clear and effective communication skills
- Ability to articulate security risks and tradeoffs to both technical and semi-technical audiences
- Practical experience integrating multiple systems through APIs, including parsing, normalizing, and integrating complex datasets between those systems
- Experience with backend and frontend technologies, including frameworks like React. Knowledge of Node.js is a plus, and TypeScript experience is highly desirable
- A passion for learning and experimentation
- A builder mentality and desire to deliver