Application Security Engineer

Berlin Engineering

ABOUT US

Contentful provides content infrastructure for digital teams to power websites, apps, and devices. Unlike a CMS, Contentful was built to integrate with the modern software stack. It offers a central hub for structured content, powerful management and delivery APIs, and a customizable web app that enables developers and content creators to ship their products faster. Companies including Spotify, Red Bull, WeWork, Lyft, and Urban Outfitters rely on Contentful to manage content as part of their modern web stack.

Contentful is growing rapidly, backed by $80 million in funding from VC firms including Benchmark and General Catalyst, and strategic investors including Sapphire Ventures (SAP) and Salesforce Ventures.

We’re a fun team of more than 200 people from 44 nations, with offices in Berlin and San Francisco. Join us!

    

ABOUT THE ROLE

Contentful strives to build a secure and safe service and commits considerable effort and resources on security. Application Security and software development are fundamental pieces of Contentful’s security program - our Information Security Management System - ISMS.

As an Application Security Engineer at Contentful, you are part of the Engineering team responsible for our core applications and internal tools. This position is focused on managing vulnerabilities and securing the development process. You work closely with the Engineering teams to improve security in the code, and Product teams to design and guide the implementation of security features in the platform. You will be the subject matter expert in application security within the company, advocating good secure development practices and educating developers.

The goal of the Security team is to provide guidance and support to both Engineering and Product teams, enabling them to build a reliable and secure product. We follow a holistic approach to guarantee the safety, availability, and integrity of our customers' data.

RESPONSIBILITIES

  • Improve Secure Software Development Lifecycle, work with and educate Engineers on industry best practices
  • Design product security solutions
  • Run Contentful’s bug bounty program, analyzing and responding to reports
  • Manage vulnerabilities and monitor their fixes
  • Analyze source code for security vulnerabilities
  • Manage external- and perform your own- penetration tests

YOUR PROFILE

  • Experience with Software Development in any language
  • You understand and worked with micro-service -architecture and container infrastructure
  • You performed penetration tests and source code security analysis
  • At least 3 years experience in the application security field
  • Good understanding of OWASP Top Ten
  • Excellent English communication skills, both verbal and written

NICE TO HAVE

  • Experience with Javascript/NodeJS or Ruby
  • Experience running a responsible vulnerability disclosure program or reporting vulnerabilities to companies
  • Familiar with AWS, kubernetes and docker technologies, with the security mechanisms provided
  • Experience with CI/CD tools
  • Experience in ensuring security and privacy on the Internet
  • Participation in the security community via meetups or talks in conferences

BENEFITS

  • Join an innovative tech company as we help drive the evolution of digital experiences to become ever-more ubiquitous and interactive. Be a part of helping companies build modern architectures for mission-critical applications
  • Shape the future of Contentful: help us establish, scale, and improve our team's processes
  • Generous education budget complete with extra days off to be spent on your professional and self-development
  • Be set up for success, equipped with the latest and greatest hardware
  • Hang-out in one of our many shared spaces, playing games with colleagues or enjoying a full range of events, including workshops, on-site meetups, guest speakers, and fun events for the company and each team. Did we mention an annual off-site?
  • Sharpen your PlayStation, ping pong, and kicker/fußball skills during breaks in the day
  • As much artisan coffee as you can handle
  • Brush up your language skills! Our team speaks more than 20 languages, and we offer free German classes
  • Take a break and pat a pup, we are a dog-friendly office
  • We fully support your move to Berlin with a relocation budget and visa assistance. We'll help you settle into your exciting new city
  • Plus, Contentful socks, oh yeah!

“Variety is the spice of life” — and a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer: all qualified applicants are considered for positions regardless of race, ethnic origin, gender, age, religion or belief, marital status, gender identification, sexual orientation, or disability. We look forward to your application!


Contentful

contentful.com

Beyond headless CMS, Contentful is the essential API-first content management infrastructure to create, manage and distribute content to any platform or device


View all jobs
Apply now