Senior Cyber Security Engineer

Summary

Join Contentsquare's security team as a Senior Cyber Security Engineer and play a key role in responding to security issues. You will be part of the DevSecOps team, reporting to the Director of Cyber Security and collaborating with R&D. Your main responsibility is ensuring the integrity of Contentsquare's products and user safety. You will work from either the Paris or Barcelona office. The role involves incident response, developing security tools, maintaining alerts and workflows, auditing platforms, improving threat response capabilities, coordinating responses to security events, evaluating security trends, managing detection capabilities, sharing best practices, and establishing performance metrics. Contentsquare offers competitive benefits, including flexible work arrangements, generous paid time off, parental leave, wellbeing allowances, stock options, and employee resource groups.

Requirements

• Typically, 3-5 years of practical experience in Security Operations, especially coordinating responses to security incidents
• Experience in building effective partnerships with internal customers
• Experience building out detection and response programs for a SaaS or cloud-native company
• Solid experience with developing security tooling and integrating security layers into DevOps pipelines
• Extensive knowledge of web protocols, security issues, common attacks, Linux/Unix tools, cloud architectures, and the threat landscape
• Expertise with Security Information and Event Management (SIEM) and incident platforms, such as Google SecOps and PagerDuty
• Deep knowledge of our technical stack and how to secure it, including: Cloud Providers: AWS, Azure Containerization & Orchestration: Kubernetes, Docker Infrastructure as Code: Ansible, Helm, Terraform Security & Monitoring Tools: Datadog ASM (as WAF), Google SecOps CI/CD & Automation: GitHub Actions, ArgoCD Scripting Languages: Shell, Python Frameworks & Libraries: NestJS, Vue.js , React.js
• Strong understanding of security concepts, standard methodologies, and how to apply them (e.g., SSH, public key encryption, access credentials, certificates, TLS, data encryption, OWASP Top 10)
• Analytical skills, autonomy, and accountability
• Fluent in English (French is a plus)

Responsibilities

• Respond to security incidents with professionalism and proactively identify ways to prevent similar incidents in the future
• Develop security utilities and tools for internal use to support efficient and scalable operations for the Security Engineering team
• Design and maintain security alerts, automated actions, and escalation workflows to support a high-performing 24/7 incident response capability
• Regularly audit our technical platform and applications to ensure adherence to security best practices and identify potential misconfigurations
• Improve our ability to respond to threats by leading new technology selection, configuration, internal product development, securing stakeholder buy-in, and implementation with a strong emphasis on automation
• Design and coordinate cohesive responses to security events that involve multiple teams across the organization
• Evaluate the impact to the organization of current security trends, advisories, and public exploits. Coordinate responses as necessary across affected teams to do the right thing for our customers and our organization
• Manage and extend our security detection capabilities, including Security Information and Event Management (SIEM), Web Application Firewalls (WAF), honeypots, and open source tools
• Recognize, adopt, and share best practices in security engineering throughout the organization, including development, network security, application security, cryptography, security operations, and incident response
• Communicate effectively (in English) with diverse audiences and across varying levels of sensitivity
• Establish metrics that demonstrate continuous improvements of the Security Monitoring & Incident Response Engineering capabilities, and execute on your proposed strategy for improvements
• Participate in regular on-call responsibilities

Preferred Qualifications

Solid understanding of MITRE ATT&CK, NIST, or similar threat frameworks is strongly preferred

Benefits

• Virtual onboarding, Hackathon, and various opportunities to interact with your team and global colleagues both on and offsite each year
• Work flexibility: hybrid and remote work policies
• Generous paid time-off policy (every location is different)
• Immediate eligibility for birthing and non-birthing parental leave
• Wellbeing and Home Office allowances
• A Culture Crew in every country we’re based in to coordinate regular activities for employees to get to know each other and bond outside of work
• Every full-time employee receives stock options, allowing them to share in the company’s success
• We have multiple Employee Resource Groups, that offer a safe space for individuals who share common identities, life experiences, or allyship to connect, support one another, and passionately advocate for the issues close to their hearts
• And more benefits tailored to each country