Senior Cloud Security Engineer

We're Celonis, the global leader in Process Mining technology and one of the world's fastest-growing SaaS firms. We believe there is a massive opportunity to unlock productivity by placing data and intelligence at the core of business processes - and for that, we need you to join us.

The Team:

Within our InfoSec organization, Our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is always looking for talented subject matter experts in application, platform and offensive security.

The Role:

The Senior Cloud Security Engineer is a hands-on technical role focused on safeguarding Celonis’ cloud infrastructure across AWS, Azure, and GCP. In this role, you will design and implement cutting-edge security measures to protect a large-scale SaaS platform. You’ll collaborate with cross-functional teams to ensure security is embedded in our cloud services and automate security processes for efficiency and consistency. This role is ideal for a seasoned security engineer who enjoys solving complex cloud security challenges and wants to have a direct impact on the security posture of a fast-growing tech company.

The work you’ll do:

• Cloud Security Implementation: Implement and uphold cloud security best practices across multi-cloud environments. Harden our cloud infrastructure by leveraging native security features (e.g., AWS IAM & KMS, Azure AD & Key Vault, GCP IAM & KMS) and ensuring proper configuration of network controls, encryption, and logging.
• Infrastructure & Kubernetes Security: Secure Celonis’ use of containerized applications and Kubernetes (EKS, AKS, GKE). This includes setting up container image scanning, enforcing Kubernetes security policies, managing secrets and certificates, and working with engineering teams to ensure microservices follow security guidelines.
• Automation & Tooling: Develop and maintain automation scripts and Infrastructure-as-Code (Terraform, CloudFormation) to embed security into the deployment pipeline. Automate repetitive security tasks (such as provisioning secure configurations, patch management, and compliance checks) to improve efficiency and consistency.
• Security Monitoring & Response: Enhance cloud security monitoring by tuning and extending CSPM tools and cloud-native monitoring (CloudTrail, GuardDuty, Azure Security Center, etc.). Identify potential vulnerabilities or misconfigurations proactively and work on fixes. Assist in investigating security alerts or incidents related to cloud infrastructure and coordinate remediation efforts.
• Identity and Access Management: Continuously improve cloud IAM configurations to enforce least-privilege access. Manage roles, policies, and access keys across the organization’s cloud accounts. Implement solutions like Teleport to strengthen access controls for engineers and applications accessing sensitive cloud resources.
• Vulnerability Management: Work with vulnerability scanning tools (such as Tenable Nessus/Tenable.io) to regularly scan cloud assets and container images.
• Collaboration & Guidance: Serve as a security subject matter expert for cloud projects. Collaborate with developers, DevOps, and SRE teams to advise on secure architecture and coding practices. Contribute to threat modeling exercises and review new features/infrastructure for potential security risks before deployment.

Required Qualifications:

• Proven Cloud Security Expertise: 5+ years of hands-on experience in security engineering with a strong focus on cloud (AWS, Azure, and GCP). Deep understanding of cloud architecture and services, and proven experience implementing security controls in a production cloud environment.
• Kubernetes & Container Security: Strong experience securing containerized applications and Kubernetes clusters. Familiarity with tools and practices for container security (image vulnerability scanning, runtime security, Kubernetes network policies, service mesh security).
• Automation Skills: Proficiency in Infrastructure-as-Code and scripting. Demonstrated ability to use Terraform, CloudFormation or similar to deploy secure configurations, and to write scripts in Python, Go, or Bash to automate security workflows. You should be able to build tools or integrations that reduce manual effort and human error.
• Cloud Security Posture Management: Hands-on experience with Cloud Security Posture Management (CSPM) solutions or implementing automated checks for cloud compliance. Ability to identify misconfigurations and weaknesses in cloud setups and remediate them (for example, S3 bucket policies, public exposure of resources, etc.).
• Identity & Access Management: In-depth understanding of cloud IAM and access control mechanisms. Experience designing role-based access schemes, managing federated identities (SAML/OIDC), and implementing principles of least privilege across multiple cloud accounts and services.
• Vulnerability & Threat Management: Experience with vulnerability scanning tools (e.g., Tenable, Qualys) and interpreting their output. Knowledge of common cloud threats and vulnerabilities (OWASP Cloud Top 10, CIS benchmarks) and experience in remediating them.
• Real-World Impact: A track record of securing real cloud deployments and solving security incidents or challenges in production. We value hands-on problem-solving skills and achievements—being able to point to projects and outcomes where you made a difference in security. (Formal degrees or certifications are less important than your proven ability to do the job.)

Preferred Qualifications:

• Teleport & Advanced Tools: Experience with Teleport or similar identity-based access proxies for infrastructure is a strong plus, as is familiarity with the Tenable suite or other vulnerability management platforms. Comfort with other security tools (SIEM, IDS/IPS, container security platforms like Aqua or Prisma Cloud) is beneficial.
• DevSecOps Mindset: Working knowledge of CI/CD pipelines and how to integrate security testing into them (e.g., integrating SAST/DAST, secret scanning in pipelines). Ability to work in an Agile environment and partner with development teams using a DevSecOps approach.
• SaaS Security Challenges: Prior experience in a SaaS or cloud-native product company. Understanding the security considerations of multi-tenant architectures, data privacy, and scaling security solutions in a customer-facing cloud service.
• Continuous Learning & Innovation: Passion for staying up-to-date with the latest cloud security threats, tools, and best practices. Participation in security conferences, certifications like AWS/Azure Security Specialty, or contributions to open source security projects are a plus (though we prioritize practical knowledge over credentials).
• Collaborative Communication: Excellent communication skills to articulate complex security issues to both technical and non-technical colleagues. Experience writing security documentation or standard operating procedures, and fostering a culture of security awareness within teams.

Visa sponsorship is not offered for this role.

The base salary range below is for the role in the specified location, based on a Full Time Schedule.

Total compensation package will include base salary + bonus/commission + equity + benefits (health, dental, life, 401k, and paid time off). Please note that the base salary range is a guideline, and that the actual total compensation offer will be determined based on various factors, including, but not limited to, applicant's qualifications, skills, experiences, and location.The base salary range below is for the role in New York, based on a Full Time Schedule. $161,100—$216,900 USD

What Celonis Can Offer You:

• The unique opportunity to work with industry-leading process mining technology
• Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, L&D platform, mentorships, and more)
• Great compensation and benefits packages (equity (restricted stock units), life insurance, time off, generous leave for new parents from day one, and more). For intern and working student benefits, click here.
• Physical and mental well-being support (subsidized gym membership, access to counseling, virtual events on well-being topics, and more)
• A global and growing team of Celonauts from diverse backgrounds to learn from and work with
• An open-minded culture with innovative, autonomous teams
• Business Resource Groups to help you feel connected, valued and seen (Black@Celonis, Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
• A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future

 

About Us:

Celonis helps some of the world’s largest and most esteemed brands make processes work for people, companies and the planet. With over 5,000 enterprise customer deployments across nearly every industry, the Celonis Process Intelligence Platform uses process mining and AI to give you a living digital twin of your business operation. It’s system-agnostic and without bias, and empowers companies to reduce waste, create value and benefit people across the top, bottom, and green lines. Since 2011, the Celonis platform has enabled its customers to identify more than $18 billion in value. Celonis is headquartered in Munich, Germany, and New York City, USA, with more than 20 offices worldwide.

Get familiar with the Celonis Process Intelligence Platform by watching this video.

 

Data Privacy, Equal Opportunity, and Accessibility Information

Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment and equal opportunity in all aspects of employment. We will not tolerate any unlawful discrimination or harassment of any kind. We make all employment decisions without regard to race/ethnicity, color, sex, pregnancy, age, sexual orientation, gender identity or expression, transgender status, national origin, citizenship status, religion, physical or mental disability, veteran status, or any other factor protected by applicable anti-discrimination laws. As a US federal contractor, we are committed to the principles of affirmative action in accordance with applicable laws and regulations. Different makes us better. 

Any information you submit to Celonis as part of your application will be processed in accordance with Celonis’  Statements on Data Privacy, Equal Opportunity and Accessibility.

Please be aware of common job offer scams, impersonators and frauds. Learn more here.

By submitting this application, you confirm that you agree to the storing and processing of your personal data by Celonis as described in our Privacy Notice for the Application and Hiring Process.