Contentful is a leading digital experience platform that helps modern businesses meet the growing demand for engaging, personalized content at scale. They are seeking a committed and driven Security Engineer to manage daily alerts and operations while leading collaborative initiatives to improve security practices in a cloud-native environment.
Responsibilities:
- Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business
- Lead security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to proactively identify and address risk
- Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues across product and corporate environments
- Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness
- Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen the security of systems and environments
- Advance the development, customization, and maintenance of hardening standards and monitoring mechanisms for systems and environments
- Drive security and monitoring enhancements to containerized workloads and orchestration platforms
- Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts
- Collaborate in defining and monitoring evolving security compliance and regulatory requirements
- Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date
Requirements:
- 4+ years of security engineering, DevSecOps, or equivalent experience
- Hands-on expertise with AWS architecture, services, and security features
- Proficiency in Python to build and maintain security tools
- Familiarity with Kubernetes and container security, including configuration and runtime protection
- Exposure to JavaScript and Go with the ability to perform security code reviews
- Experience using Terraform to build, deploy, and maintain infrastructure as code
- Strong foundational networking knowledge covering cloud networking concepts, the OSI model, TCP/IP, and routing fundamentals
- Demonstrable ability to embed security considerations throughout the software development lifecycle
- Hands-on involvement supporting vulnerability management and incident response functions
- Familiarity with authentication and authorization protocols and mechanisms (OAuth, SAML, JWT, IAM)
- Experience identifying and mitigating OWASP Top 10 vulnerabilities in web applications and APIs
- Clear and effective communication skills
- Ability to articulate security risks and tradeoffs to both technical and semi-technical audiences
- A proactive, growth-oriented mindset focused on continuous learning, innovation, and raising security standards
- Passion for designing and performing hands-on implementation work
- Ability to work in a fast-paced environment, often juggling multiple projects