Senior Security Engineer
We're Celonis, the global leader in Process Mining technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes - and for that, we need you to join us.
The Team:
Our Global information security organization is responsible for security and trust. We think security-offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is looking for talented subject matter experts in application, platform and offensive security.
The Role:
Celonis is looking for talented Security Engineers to join the Security Engineering Team. You will work with our platform and product engineers, to continually review and validate the security of our security posture at Celonis. Some of the responsibilities include architecture guidance for common vulnerabilities, such as Remote Code Execution (RCE), Privilege Escalation, misconfiguration, and other OWASP top 10 vulnerabilities (SQL injection, XSS, broken access control, etc).
The work you’ll do:
- You will conduct threat modeling, architecture review, security code review, security assessment, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments).
- Conducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies
- Reviewing source code for potential security issues
- Writing security test cases to check for vulnerabilities or broken/missing security controls
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
- You will be asked to perform cloud infrastructure review from a security perspective; the primary focus will be on AWS and many of its common service components such as S3, IAM, EC2, VPC.
- Perform in-depth security review of new features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java or C++, verifying security posture through pen-test (using manual/automated techniques with tools like Kali Linux, Burp suite, Checkmarx, WebInspect).
- You will partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.
- Work on essential areas to develop security baseline for cloud, container, and application and integrate it into the CI/CD pipeline.
- Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2).
The qualifications you’ll need:
- Bachelor's degree in Computer Science, Information Science, Cyber Security, Computer or Electrical Engineering (or similar field), and 2+ years in security.
- Experience in penetration testing in different environments, including assessing security posture of web application, native application, distributed systems, and cloud infrastructure such as AWS.
- Understanding of software security architecture and design, threat modeling, security code review, SDLC, and best practices and mitigations for application security.
- Hands-on security experience working with AWS and common service components within AWS. Identify security gaps in the design and configuration issues in individual components.
- In-depth knowledge of network-based, system level, and application layer attacks and mitigation methods.
- Experience with a broad range of hyperscalers AWS,Azure and GCP
- Knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security.
- Expertise in cloud automation tools such as Terraform, CloudFormation, Ansible, etc.
- Development experience in programming languages such as Java, JavaScript, Python, or Go.
What Celonis can offer you:
- The unique opportunity to work with industry-leading process mining technology
- Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, L&D platform, mentorships, and more)
- Great compensation and benefits packages (equity (restricted stock units), life insurance, time off, generous leave for new parents from day one, and more). For intern and working student benefits, click here.
- Physical and mental well-being support (subsidized gym membership, access to counseling, virtual events on well-being topics, and more)
- A global and growing team of Celonauts from diverse backgrounds to learn from and work with
- An open-minded culture with innovative, autonomous teams
- Business Resource Groups to help you feel connected, valued and seen (Black@Celonis, Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
- A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future
About Us
Since 2011, Celonis has helped thousands of the world's largest and most valued companies deliver immediate cash impact, radically improve customer experience and reduce carbon emissions. Its Process Intelligence platform uses industry-leading process mining technology and AI to present companies with a living digital twin of their end-to-end processes. For the first time, everyone in an organisation has a common language about how the business works, visibility into where value is hidden and the ability to capture it. Celonis is headquartered in Munich (Germany) and New York (USA) and has more than 20 offices worldwide.
Get familiar with the Celonis Process Intelligence Platform by watching this video.
Join us as we make processes work for people, companies and the planet.
Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Different makes us better.
Accessibility and Candidate Notices