Senior Product Security Engineer

We're Celonis, the global leader in Process Intelligence technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing AI, data and intelligence at the core of business processes - and for that, we need your help. Care to join us?

The Team :

Within our InfoSec organization, Our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is always looking for talented subject matter experts in application, platform and offensive security.

The Role :

Celonis is looking for a Senior Application Security Engineer to help assess and validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to mentor the application security engineers who are building and securing our cutting-edge application layer services.

The work you'll do :

• Conduct threat modeling, secure code reviews, and security assessments across web / native application, and infrastructure, proactively identifying vulnerabilities and providing clear recommendations to the development teams.
• Conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies.
• Review source code for potential security issues, writing security test cases to check for vulnerabilities or broken / missing security controls.
• Provide specific risk assessment and remediation guidelines for developers and business owners.
• Research the latest security best practices, trends, threats and vulnerabilities, and technology frameworks.
• Perform in-depth security review of new features. This includes identifying security vulnerabilities (including, but not limited to OWASP top ten), reviewing code in Java or C++, verifying security posture through source-assisted security assessments and penetration testing (using manual / automated techniques with tools such as Burp suite and Semgrep).
• Partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.
• Work on essential areas to develop security baseline for application, container, cloud, orchestration platforms, and integrate it into the CI / CD pipeline.
• Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2, etc.).
• Lead complex security projects, from initial planning through execution and completion.
• Act as internal advocate and subject matter expert on secure software development practices.
• Lead secure development awareness communications and training initiatives.

The qualifications you'll need :

Visa sponsorship is not offered for this role.

The base salary range below is for the role in the specified location, based on a Full Time Schedule.

Total compensation package will include base salary + bonus / commission + equity + benefits (health, dental, life, 401k, and paid time off). Please note that the base salary range is a guideline, and that the actual total compensation offer will be determined based on various factors, including, but not limited to, applicant's qualifications, skills, experiences, and location.

The base salary range below is for the role in New York, based on a Full Time Schedule.

$161,000-$218,000 USD

What Celonis Can Offer You :

About Us :

Celonis makes processes work for people, companies and the planet. The Celonis Process Intelligence Platform uses industry-leading process mining and AI technology and augments it with business context to give customers a living digital twin of their business operation. It's system-agnostic and without bias, and provides everyone with a common language for understanding and improving businesses. Celonis enables its customers to continuously realize significant value across the top, bottom, and green line. Celonis is headquartered in Munich, Germany, and New York City, USA, with more than 20 offices worldwide.

Get familiar with the Celonis Process Intelligence Platform by watching this video.

Celonis Inclusion Statement :

At Celonis, we believe our people make us who we are and that "The Best Team Wins". We know that the best teams are made up of people who bring different perspectives to the table. And when everyone feels included, able to speak up and knows their voice is heard - that's when creativity and innovation happen.

Your Privacy :

Any information you submit to Celonis as part of your application will be processed in accordance with Celonis' Accessibility and Candidate Notices

By submitting this application, you confirm that you agree to the storing and processing of your personal data by Celonis as described in our Privacy Notice for the Application and Hiring Process.

Please be aware of common job offer scams, impersonators and frauds. Learn more here.