We're Celonis, the global leading Process Mining software company and one of the world's fastest-growing SaaS firms. We believe that every company can unlock its full execution capacity - and for that, we need you to join us as a SOC Analyst.
Our Global information security organization is responsible for security and trust. We think security-offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The Security Operations team is always looking for talented subject matter experts in domains such as Detection, Response, Threat Hunting, and Vulnerability Management.
At each and every Celonis office, we get things done quickly by cultivating an open-minded culture with creative, collaborative, autonomous teams in which the best ideas win. As an Analyst in Celonis’ Cyber Security Operations team, you will be at the frontlines of defending Celonis and its operations from sophisticated attackers in a global, 24x7 environment. This role is primarily responsible for the detection, response, and remediation of cybersecurity incidents within the organization. As the Celonis Security Operations team continues to evolve to become an industry leading organization, this role will have the ability to drive innovation within the team and have a meaningful impact on future initiatives.
The work you’ll do:
- Serve as the primary responder for incidents that require investigation and remediation, as well as coordination with other business units within Celonis to perform these functions
- Engage in the Incident Response Lifecycle to mitigate, circumvent, and prevent attacker objectives including the validation of use cases and functions leveraging event data, SIEM log analysis, and network data analysis tools
- Act as the frontline analysis of all new alerts generated by correlation/alerting tools in addition to other external sources that will feed into the Security Operations Center
- Monitor the environment and other internal tools for anomalous behavior to respond to potential threats to the organization
- Act as the lead incident handler responsible for all incident notification calls and major incident response situations
- Assist in developing the incident response strategy, as well as identifying visibility and detection gaps and developing use cases and response processes to close these gaps
- Have the responsibility of leading the incident response efforts to incidents and act as a key strategic decision maker to escalate to the Security Operations Lead
- Conduct after action reporting and provides relevant insights to guide improvements and adjustments to cybersecurity response processes
- Responsible for the turn over between shifts to the incoming teams globally to pass along critical information and ensure any open incidents effectively transitioned
- Document relevant incident information into the case management system, detailing the critical data for each incident to develop a historical record
- Assist in the development of metrics data to help provide visibility into the security posture of the Celonis infrastructure
The qualifications you need:
- Previous experience as a SOC Analyst or Security Engineer
- Experience in performing incident response in AWS/Azure/GCP cloud environments
- Experience with Antivirus or Endpoint protection solutions
- Familiarity with principles of Incident Management and the Attack Life Cycle as well as relevant NIST guidance for incident response and readiness
- Common knowledge of critical security controls is required including; authentication, encryption, IDS, WAFs, firewalls, HIPS, EDR, EPP, etc.
- IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms
- Good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc)
- An understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies
- Experience with enterprise level SIEM solutions
- Stay up to date on information technology trends and security standards.
- Ability to define, communicate and execute on a vision and strategy
- Ability to effectively communicate with technical and non-technical resources
- Self-directed, works with minimal guidance, and recognizes when guidance needed
- Flexibility in scheduling to support 24x7x365 operations globally
What Celonis can offer you:
- The unique opportunity to work within a new category of technology, Execution Management
- Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, mentorships, yearly development stipend)
- Great compensation and benefits packages (stock options, 401(K) matching, generous time off, parental leave, and more)
- Work from home support (mindfulness tools such as Headspace, monthly remote working stipend, flexible working hours, virtual events and workshops)
- A global and growing team of Celonauts from diverse backgrounds to learn from and work with
- An open-minded culture with innovative, autonomous teams
- Employee resource communities to help you feel connected, valued and seen (Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
- A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future
Celonis believes that every company can unlock its full execution capacity. Powered by its market-leading process mining core, the Celonis Execution Management System provides a set of applications, and developer studio and platform capabilities for business executives and users to eliminate billions in corporate inefficiencies. Celonis has thousands of global customers and is headquartered in Munich, Germany and New York City, USA with 15 offices worldwide.
Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Different makes us better.