engineering
Posted Apr 22Manager, Security Engineering (Enterprise systems)
at Contentful
New York, United StatesHybrid
Responsibilities
- Develop a team, providing coaching, mentorship, goal setting, and performance feedback.
- Define roles and make hiring decisions to grow the team in line with department needs.
- Own execution and prioritization across projects and operations, using agile delivery practices.
- Scale and mature effectiveness and efficiency by improving processes and tooling.
- Champion continuous improvement across all aspects of the security program.
- Collaborate with security leadership to execute business aligned, risk reduction roadmaps.
- Shape work scope, sequencing, and success criteria inline with department and company needs.
- Drive security processes, standards, and best practices across information technology assets.
- Own strategy evolution of corporate capabilities, including configuration, IAM, and data security.
- Enhance tooling, automation, and integrations to improve visibility and reduce manual effort.
- Support and guide security incident response efforts as a technical leader.
- Support cross functional vulnerability management while advancing the program capabilities.
- Define and maintain metrics to measure impact, optimize execution, and guide investment.
- Accelerate adoption of AI, balancing practicality enablement, and risk management.
Requirements
- Expertise with AWS, GCP, and Azure. Strong hands-on
- experience designing, implementing, and operating security controls at scale. Demonstrated
- Experience working within identity and access management and data security programs.
- experience in modern programming language (Python, Go, etc) Hands-on
- experience using Terraform and infrastructure-as-code. •
- Experience applying modern practices to improve efficiency and scalability or security programs.
- Experience using metrics to measure impact, optimize execution, and guide investment decisions.
- Strong communication skills with the ability to explain technical topics to non technical audiences.
- Familiarity with attacker techniques in cloud-native and traditional environments. Hands-on