Celonis
Overview
Join to apply for the
Senior Cloud Security Engineer
role at
Celonis . We are Celonis, the global leader in Process Mining technology and one of the world’s fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes. The InfoSec organization designs, builds, and enhances security components that protect the Celonis Application and Platform stacks. The security engineering team operates with both offensive and defensive perspectives and continuously adapts to the threat landscape. The Team:
Our global security engineering team focuses on application, platform, and offensive security and collaborates with cross-functional partners to strengthen Celonis’ security posture. The Role
The Senior Cloud Security Engineer is a hands-on technical role focused on safeguarding Celonis’ cloud infrastructure across AWS, Azure, and GCP. You will design and implement security measures to protect a large-scale SaaS platform, collaborate with cross-functional teams to embed security in cloud services, and automate security processes for efficiency and consistency. This role suits a seasoned security engineer who enjoys solving complex cloud security challenges and making an impact on a fast-growing tech company. What you’ll do
Cloud Security Implementation: Implement and uphold cloud security best practices across multi-cloud environments. Harden cloud infrastructure by leveraging native security features (e.g., AWS IAM & KMS, Azure AD & Key Vault, GCP IAM & KMS) and ensure proper configuration of network controls, encryption, and logging. Infrastructure & Kubernetes Security: Secure containerized applications and Kubernetes (EKS, AKS, GKE). Include container image scanning, enforcing Kubernetes security policies, managing secrets and certificates, and guiding engineering teams to follow security guidelines. Automation & Tooling: Develop and maintain automation scripts and Infrastructure-as-Code (Terraform, CloudFormation) to embed security into the deployment pipeline. Automate repetitive security tasks to improve efficiency and consistency. Security Monitoring & Response: Enhance cloud security monitoring by tuning CSPM tools and cloud-native monitoring (CloudTrail, GuardDuty, Azure Security Center, etc.). Identify and remediate vulnerabilities or misconfigurations and assist in investigating security alerts or incidents related to cloud infrastructure. Identity and Access Management: Improve cloud IAM configurations to enforce least-privilege access. Manage roles, policies, and access keys across cloud accounts; implement access controls enhancements where needed. Vulnerability Management: Work with vulnerability scanning tools (e.g., Tenable Nessus/Tenable.io) to regularly scan cloud assets and container images. Collaboration & Guidance: Act as a security SME for cloud projects. Advise on secure architecture and coding practices, contribute to threat modeling, and review new features/infrastructure for security risks before deployment. Required Qualifications
Proven Cloud Security Expertise: 5+ years of hands-on security engineering with focus on cloud (AWS, Azure, and GCP). Deep understanding of cloud architecture and services and experience implementing security controls in production clouds. Kubernetes & Container Security: Strong experience securing containerized apps and Kubernetes clusters. Knowledge of container security tools and practices (image vulnerability scanning, runtime security, Kubernetes network policies). Automation Skills: Proficiency in Infrastructure-as-Code and scripting. Experience with Terraform, CloudFormation or similar; ability to write scripts in Python, Go, or Bash to automate security workflows. Cloud Security Posture Management: Hands-on with CSPM solutions or automated cloud compliance checks; ability to identify misconfigurations and remediate them. Identity & Access Management: Deep understanding of cloud IAM, federated identities (SAML/OIDC), and least-privilege principles across multiple accounts and services. Vulnerability & Threat Management: Experience with vulnerability scanning tools and knowledge of common cloud threats and remediation approaches. Real-World Impact: Demonstrated ability to secure real cloud deployments and resolve production security incidents; practical problem-solving is valued over formal credentials. Preferred Qualifications
Teleport & Advanced Tools: Experience with Teleport or similar access proxies; familiarity with vulnerability management platforms like Tenable; comfort with SIEM/IDS/IPS and container security platforms. DevSecOps Mindset: Understanding of CI/CD security testing, SAST/DAST, secret scanning, and Agile collaboration with development teams. SaaS Security Challenges: Experience with multi-tenant SaaS/cloud-native products and data privacy considerations. Continuous Learning: Passion for staying current with cloud security threats and tools; security certifications are a plus but practical knowledge is prioritized. Collaborative Communication: Strong ability to document security guidance and foster security awareness within teams. Visa sponsorship is not offered for this role. The base salary range below is for the role in New York, NY, based on a Full Time Schedule. The total compensation includes base salary, bonus/commission, equity, and benefits. Actual offers are determined by qualifications, skills, experience, and location. Salary : $161,000—$218,000 USD About Celonis Celonis makes processes work for people, companies and the planet. The Celonis Process Intelligence Platform uses process mining and AI to provide a living digital twin of business operations. Celonis is headquartered in Munich and New York City, with offices worldwide. Inclusion and Privacy Celonis Inclusion Statement: We believe diverse perspectives strengthen teams and innovation. Your privacy: information submitted will be processed in accordance with Celonis’ Accessibility and Candidate Notices and Privacy Notice for the Application and Hiring Process. Please be aware of common job offer scams. Learn more here.
#J-18808-Ljbffr
Join to apply for the
Senior Cloud Security Engineer
role at
Celonis . We are Celonis, the global leader in Process Mining technology and one of the world’s fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes. The InfoSec organization designs, builds, and enhances security components that protect the Celonis Application and Platform stacks. The security engineering team operates with both offensive and defensive perspectives and continuously adapts to the threat landscape. The Team:
Our global security engineering team focuses on application, platform, and offensive security and collaborates with cross-functional partners to strengthen Celonis’ security posture. The Role
The Senior Cloud Security Engineer is a hands-on technical role focused on safeguarding Celonis’ cloud infrastructure across AWS, Azure, and GCP. You will design and implement security measures to protect a large-scale SaaS platform, collaborate with cross-functional teams to embed security in cloud services, and automate security processes for efficiency and consistency. This role suits a seasoned security engineer who enjoys solving complex cloud security challenges and making an impact on a fast-growing tech company. What you’ll do
Cloud Security Implementation: Implement and uphold cloud security best practices across multi-cloud environments. Harden cloud infrastructure by leveraging native security features (e.g., AWS IAM & KMS, Azure AD & Key Vault, GCP IAM & KMS) and ensure proper configuration of network controls, encryption, and logging. Infrastructure & Kubernetes Security: Secure containerized applications and Kubernetes (EKS, AKS, GKE). Include container image scanning, enforcing Kubernetes security policies, managing secrets and certificates, and guiding engineering teams to follow security guidelines. Automation & Tooling: Develop and maintain automation scripts and Infrastructure-as-Code (Terraform, CloudFormation) to embed security into the deployment pipeline. Automate repetitive security tasks to improve efficiency and consistency. Security Monitoring & Response: Enhance cloud security monitoring by tuning CSPM tools and cloud-native monitoring (CloudTrail, GuardDuty, Azure Security Center, etc.). Identify and remediate vulnerabilities or misconfigurations and assist in investigating security alerts or incidents related to cloud infrastructure. Identity and Access Management: Improve cloud IAM configurations to enforce least-privilege access. Manage roles, policies, and access keys across cloud accounts; implement access controls enhancements where needed. Vulnerability Management: Work with vulnerability scanning tools (e.g., Tenable Nessus/Tenable.io) to regularly scan cloud assets and container images. Collaboration & Guidance: Act as a security SME for cloud projects. Advise on secure architecture and coding practices, contribute to threat modeling, and review new features/infrastructure for security risks before deployment. Required Qualifications
Proven Cloud Security Expertise: 5+ years of hands-on security engineering with focus on cloud (AWS, Azure, and GCP). Deep understanding of cloud architecture and services and experience implementing security controls in production clouds. Kubernetes & Container Security: Strong experience securing containerized apps and Kubernetes clusters. Knowledge of container security tools and practices (image vulnerability scanning, runtime security, Kubernetes network policies). Automation Skills: Proficiency in Infrastructure-as-Code and scripting. Experience with Terraform, CloudFormation or similar; ability to write scripts in Python, Go, or Bash to automate security workflows. Cloud Security Posture Management: Hands-on with CSPM solutions or automated cloud compliance checks; ability to identify misconfigurations and remediate them. Identity & Access Management: Deep understanding of cloud IAM, federated identities (SAML/OIDC), and least-privilege principles across multiple accounts and services. Vulnerability & Threat Management: Experience with vulnerability scanning tools and knowledge of common cloud threats and remediation approaches. Real-World Impact: Demonstrated ability to secure real cloud deployments and resolve production security incidents; practical problem-solving is valued over formal credentials. Preferred Qualifications
Teleport & Advanced Tools: Experience with Teleport or similar access proxies; familiarity with vulnerability management platforms like Tenable; comfort with SIEM/IDS/IPS and container security platforms. DevSecOps Mindset: Understanding of CI/CD security testing, SAST/DAST, secret scanning, and Agile collaboration with development teams. SaaS Security Challenges: Experience with multi-tenant SaaS/cloud-native products and data privacy considerations. Continuous Learning: Passion for staying current with cloud security threats and tools; security certifications are a plus but practical knowledge is prioritized. Collaborative Communication: Strong ability to document security guidance and foster security awareness within teams. Visa sponsorship is not offered for this role. The base salary range below is for the role in New York, NY, based on a Full Time Schedule. The total compensation includes base salary, bonus/commission, equity, and benefits. Actual offers are determined by qualifications, skills, experience, and location. Salary : $161,000—$218,000 USD About Celonis Celonis makes processes work for people, companies and the planet. The Celonis Process Intelligence Platform uses process mining and AI to provide a living digital twin of business operations. Celonis is headquartered in Munich and New York City, with offices worldwide. Inclusion and Privacy Celonis Inclusion Statement: We believe diverse perspectives strengthen teams and innovation. Your privacy: information submitted will be processed in accordance with Celonis’ Accessibility and Candidate Notices and Privacy Notice for the Application and Hiring Process. Please be aware of common job offer scams. Learn more here.
#J-18808-Ljbffr