Senior Cyber Securité Engineer (dev sec ops)

Contentsquare is the all-in-one experience intelligence platform designed to be easily used by anyone who cares about digital journeys. With our flexible and scalable platform, organizations quickly get a deep understanding of their customers’ whole online journey.
We are a global leader in the experience analytics space, with a growing presence across 15 offices worldwide. We’re here to stay—and we’re looking for team members who are excited to drive impact and help us scale even further.
Our aim is to create an inclusive workplace where everyone learns and succeeds. Contentsquare has built a community of individuals who are daring, understanding, and deliberate. We invite you to join us in making the complex simpler—for our customers, their customers, and each other.
Important note: Be careful of scammers pretending to be from Contentsquare. We will never ask for money or contact you through random texts. For more information, visit our careers blog.
The Contentsquare security team is looking for a focused cyber security engineer who can take on a leadership role in responding to security issues. As such, you’ll need to have practical security experience and knowledge of the state of the art for detecting and responding to attacks. The ideal candidate will thrive in high-pressure situations and drive relevant teams to take the right decisions to mitigate the security risks in a timely manner. As part of the Development, Security, and Operations Team (Devsecops), you will be reporting directly to the Director, Cyber Security. You will be working closely with our R&D team. Your main task will be to ensure the integrity of Contentsquare’s products and for keeping Contentsquare’s users and customers safe. You will work out of our Paris (Headquarters), Barcelona (Spain) or Remotely.   

Responsabilities

• 
  
• Confidently and intelligently respond to security incidents, and proactively consider how to prevent the same type of incidents from occurring in the futureDevelop security utilities and tools for internal use that enable you and your fellow Security Engineers to operate at high speed and wide scaleDesign and maintain a portfolio of security alerts, automated actions and escalation workflows in support of a high-performing 24/7 incident response capability
• Constantly audit our technical platform and application to ensure the follow-up of security best-practices and identify security misconfigurationsImprove the ability to respond to threats by leading new technology selection, configuration, internal product development, obtaining-buy-in, and implementations with a heavy emphasis on automation
• Design and coordinate cohesive responses to security events that involve multiple teams across the organisationEvaluate the impact to the organisation of current security trends, advisories and public exploits.
• Coordinate responses as necessary across affected teams to do the right thing for our customers and our organisationManage and extend our security detection capabilities (SIEM, WAF, honeypot, open source tools)Recognize, adopt and share the best practices on security engineering fields throughout the organisation: development, network security, application security, cryptography, security operations, incident responsesCommunicate efficiently (in English) at multiple levels of sensitivity and multiple audiences
• Establish metrics that demonstrate continuous improvements of the Security Monitoring & Incident Response Engineering capabilities and execute on your proposed strategy for improvements
• Fulfil regular on-call responsibilities

Qualifications and skills

• 3-5 years of previous practical experience on Security Operations, especially experience coordinating responses to security incidents 
• Experience in building effective partnerships with internal customers 
• Experience building out detection and response programs for a SaaS or cloud-native companySolid experience with developing security toolings and integrating security layers to
• Devops pipelinesExtensive knowledge of web protocols, security issues, common attacks, Linux/Unix tools, cloud architectures and threat landscape
• Expertise with Security Information and Event Management (SIEM) and incident platforms, such as: Google SecOps, PagerDutyDeep knowledge of our technical stack and how to secure it :
• AWS and Azure
• Kubernetes / Docker
• Ansible, Helm, Terraform
• Datadog ASM as WAF, Google SecOps
• Github Action, ArgoCD
• Solid scripting skills: shell, python
• Nestjs, Vuejs, Reactjs
• Strong understanding of security concepts, standard methodologies and how to apply them, such as SSH, public key encryption, access credentials, certificates, TLS, data encryption, OWASP top 10
• Analytical skills, Autonomy and AccountabilityFluent in English (French is a plus)
• Solid understanding of MITRE ATTACK, NIST or similar threat frameworks is strongly preferred
• Location:Paris (France), Barcelona (Spain) or Remotely. 

Why you should join ContentsquareWe invest in our people through career development, mentorship, social events, philanthropic activities, and competitive benefits. We are always assessing the perks we offer to ensure we’re aligned with the employees' needs.
Here are a few we want to highlight:- Virtual onboarding, Hackathon, and various opportunities to interact with your team and global colleagues both on and offsite each year- Work flexibility: hybrid and remote work policies- Generous paid time-off policy (every location is different)- Immediate eligibility for birthing and non-birthing parental leave- Wellbeing and Home Office allowances- A Culture Crew in every country we’re based in to coordinate regular activities for employees to get to know each other and bond outside of work- Every full-time employee receives stock options, allowing them to share in the company’s success- We have multiple Employee Resource Groups, that offer a safe space for individuals who share common identities, life experiences, or allyship to connect, support one another, and passionately advocate for the issues close to their hearts- And more benefits tailored to each country
Contentsquare is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to sex, gender identity or expression, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
Your personal data is used by Contentsquare for recruitment purposes only. Read our Job Candidate Privacy Notice to find out more about data protection at Contentsquare and your rights. You can exercise your rights by using our dedicated Data Subject Rights Portal here. 
Your personal data will be securely stored in our hosting provider’s data center in Oregon (US west). We have implemented appropriate transfer mechanisms under applicable data protection laws.