Manager, Threat Detection and Incident Response

Candidates must be located in the eastern time zone. About the Opportunity Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports organization-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes. We are looking for a committed and driven manager who is passionate about solving complex security problems in innovative and scalable ways, with deep experience leading incident response and detection programs at scale. As the Manager of Threat Detection and Response, you will own the operational and strategic direction of security incident response, including team development, program strategy, and capability maturity in alignment with broader security and company objectives. You will remain hands-on, contributing to day-to-day detection and response activities while designing, building, and operating detection and response capabilities across cloud-native and corporate environments. You will lead large-scale, cross-functional incident response efforts, ensuring effective coordination, clear communication, and timely resolution of complex security events. This role requires strong expertise in detection engineering, attacker techniques, and modern security practices, with the ability to apply these concepts in practical and scalable ways. You will drive continuous improvement across the Threat Detection and Response program and partner closely with security, IT, and cross-functional stakeholders to align priorities, execute shared initiatives, and ensure comprehensive risk mitigation while minimizing impact to end users across the organization. What to expect? Develop a team, providing coaching, mentorship, goal setting, and performance feedback. Mature effectiveness and efficiency by improving processes, tooling, and documentation. Collaborate with security leadership to execute business aligned, risk reduction roadmaps. Own execution and prioritization across projects and operations, using agile delivery practices. Shape work scope, sequencing, and success criteria in line with department and company needs. Enhance tooling, automation, and integrations to improve visibility and reduce manual effort. Perform daily alert investigation and response in a cloud-native and traditional environment. Investigate and lead teams responding to incidents of varying sizes and complexities Define roles and make hiring decisions to grow the team in line with department needs. Remain hands on, balancing technical leadership with direct response work. Communicate risks and technical concepts with clarity to leadership and stakeholders. Define and maintain metrics to measure impact, optimize execution, and guide investment. Accelerate adoption of AI, balancing practicality enablement, and risk management. Facilitate incident training, including table top exercises. Lead and refine detection engineering, including the creation and upkeep of threat detections. Collaborate on threat models by incorporating detection use cases into designs. Identify systemic issues and collaborate on approaches to address root causes. Compose high-quality incident and threat reports for executives. Provide insights and input on tool selection to help grow our cybersecurity portfolio. Ensure all end users receive delightful and informative interactions with Security. What you need to be successful 6+ years experience in security operations, including alert triage and investigation 4+ years conducting large scale incident response activities with 2+ years leading 2+ years managing people and security operations teams. Comfort operating in ambiguity, balancing strategic thinking, security, and practicality. Ability to support occasional off-hours incident response efforts Expertise in attacker techniques in cloud-native and traditional environments. Hands-on experience owning security technologies (e.g., EDR, AntiVirus, etc.) Expertise in AWS audit and security services to investigate cloud centric threats Expert usage, data onboarding, and data administration within Splunk Mastery of investigation methods and capable of handling complex and ambiguous cases Practical experience with cross-platform and hybrid environment investigations Ability to perform detailed host analysis on Mac, Windows, & Linux systems Proficient in correlating patterns across assets and environments to support investigation. Incident lifecycle master with ability to cohesively manage simultaneous workstreams Ability to make tactical and fundamental recommendations to improve security Ability to design large-scale threat detection using diverse technologies and data sets Skilled in evaluating quantitative and qualitative effectiveness of security measures Familiarity with modern engineering and detection engineering practices Passion for solving complex security problems in innovative and scalable ways A drive for change through continuous improvement Capable of working independently but possesses a collaborative mindset Ability to work in a fast-paced environment, often juggling multiple projects Experience working independently and as part of a team This position is not eligible for visa sponsorship. Applicants must be authorized to work without the need for visa sponsorship by the start date of employment. #LIRemote #LIremote Who are we? Contentful is a leading digital experience platform that helps modern businesses meet the growing demand for engaging, personalized content at scale. By blending composability with native AI capabilities, Contentful enables dynamic personalization, automated content delivery, and real-time experimentation, powering next-generation digital experiences across brands, regions, and channels for more than 4,200 organizations worldwide. More than 700 people from more than 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, Denver, San Francisco, London, New York, and distributed worldwide. Everyone is welcome here! “Everyone is welcome here” is a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences, and we are proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical [dis]ability, or length of time spent unemployed. We invite you to apply and join us! If you need reasonable accommodations at any point during the application or interview process, please let your recruiting coordinator know. Please be aware of scammers who may fraudulently allege to be from Contentful. These types of fraud can be carried out through copycat websites, fake email addresses claiming to be from our company, or social media. We do not ask for your personal information, such as bank account numbers, identification numbers, etc, through social media or chat-based apps, nor do we request or send money for the purchase of business equipment. If you suspect fraud, please report it to your local authorities, as well as reach out to us at [email protected] with any information you may have. By clicking “Apply for this job,” I acknowledge that I have read the “ Contentful’s Candidate Privacy Notice ” and hereby consent to the collection, processing, use, and storage of my personal information as described therein.