Application Security Engineer

Contentful, Berlin

Contentful: a developer-friendly, API-first CMS


Contentful provides content infrastructure for digital teams to power websites, apps, and devices. Unlike a CMS, Contentful was built to integrate with the modern software stack. It offers a central hub for structured content, powerful management and delivery APIs, and a customizable web app that enables developers and content creators to ship their products faster. Companies like Spotify, Red Bull, Optimizely, Twilio, and Urban Outfitters rely on Contentful to solve the complexities of content management in the modern multi-channel world.

The demand for a new way to manage content is in the numbers: the company is rapidly growing and has raised nearly $50M from VC firms including General Catalyst, Benchmark, Balderton, Point Nine, and Trinity.

We're a fun team of over 150 people from 40 nations with offices in Berlin and San Francisco, looking for more amazing individuals to join our team!



Contentful strives to build a secure and safe service and commits considerable effort and resources to security.

As an Application Security Engineer at Contentful, you will be part of the Engineering team responsible for our core applications and internal tools. This position is focused on the development process, working closely with the Product team to design and guide the implementation of security features in the platform. You will be the subject matter expert in application security within the company, advocating good secure development practices.

The goal of the Security team is to provide guidance and support to the Product teams and enable them to build a reliable and secure product. We follow a holistic approach to guarantee the safety, availability, and integrity of our customers' data.


  • Manage vulnerabilities and monitor their fixes
  • Manage external, and perform your own, penetration tests
  • Analyze source code for security vulnerabilities
  • Run Contentful’s bug bounty program, analyzing and responding to reports
  • Respond to security incidents
  • Improve the Secure Software Development Lifecycle
  • Improve security in all products and internal tools
  • Educate and train teams on secure development
  • Consult with other teams on internal system integrations
  • Contribute to application and platform architecture
  • Implement security tools and develop your own for automation in any language


  • Experience with JavaScript/Node.js or Ruby
  • You understand and have worked with micro-architecture and container infrastructure
  • You have performed penetration tests and source code security analysis
  • Good understanding of AWS, Kubernetes and Docker technologies
  • At least 3 years of experience in the application security field
  • Good understanding of OWASP Top Ten
  • Excellent English communication skills, both verbal and written


  • Experience running a responsible vulnerability disclosure program or reporting vulnerabilities to companies
  • Familiar with AWS and the security mechanisms provided
  • Experience with CI/CD tools
  • Experience in ensuring security and privacy on the Internet
  • Participation in the security community via meetups or talks at conferences


  • Shape the future of the Contentful product’s security
  • Create and deploy security tooling, and support the teams to build secure applications
  • Work strategically and reactively - it never gets boring
  • Provide enterprise-grade security to global customers
  • Enjoy the freedom and ownership of your work, and measure your success
  • Join an innovative tech company as we help drive the evolution of digital experiences to become ever-more ubiquitous and interactive. Be a part of helping companies build modern architectures for mission-critical applications
  • Shape the future of Contentful: help us establish, scale, and improve our team's processes
  • Generous education budget complete with extra days off to be spent on your professional and self-development
  • Be set up for success, equipped with the latest and greatest hardware
  • Hang out in one of our many shared spaces, playing games with colleagues or enjoying a full range of events, including workshops, on-site meetups, guest speakers, and fun events for the company and each team. Did we mention an annual off-site?
  • Sharpen your PlayStation, ping pong, and kicker/fußball skills during breaks in the day
  • As much artisan coffee as you can handle
  • Brush up your language skills! Our team speaks more than 20 languages, and we offer free German classes
  • Take a break and pat a pup, we are a dog-friendly office
  • We fully support your move to Berlin with a relocation budget and visa assistance. We'll help you settle into your exciting new city
  • Plus, Contentful socks, oh yeah!

“Variety is the spice of life” — and a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer: all qualified applicants are considered for positions regardless of race, ethnic origin, gender, age, religion or belief, marital status, gender identification, sexual orientation, or disability. We look forward to your application!

About Contentful

Contentful (https://www.contentful.com) is a content management developer platform that enables web and mobile developers to manage, integrate, and deliver digital content to any kind of device or service that can connect to an API - be it smart cars, VR, mobile, web, digital signage, or any new platform. We solve the complexities of content management for tens of thousands of web and mobile developers, some independent and many working at enterprise customers that include Jack-in-the-box, Petsmart, Specialized, Fidelity Investments, and Urban Outfitters.

Want to learn more about Contentful? Visit Contentful's website.