We're Celonis, the global leading Process Mining software company and one of the world's fastest-growing SaaS firms. We believe that every company can unlock its full execution capacity - and for that, we need you to join us as an Application Security Engineer.
Within our InfoSec organization, our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is looking for talented subject matter experts in application, platform and offensive security.
Celonis is looking for an Application Security Engineer to help assess and validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to learn from, and be mentored by, those who are building and securing our cutting-edge application layer services.
The work you’ll do:
- You will participate in threat modeling, application architecture review, security code review, security assessment, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments).
- Conducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies
- Reviewing source code for potential security issues
- Writing security test cases to check for vulnerabilities or broken/missing security controls
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
- Perform in-depth security review of new features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java or C++, verifying security posture through pen-test (using manual/automated techniques with tools like Kali Linux, Burp suite, Checkmarx, WebInspect).
- You will partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.
- Work on essential areas to develop security baseline for cloud, container, and application and integrate it into the CI/CD pipeline.
- Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2, etc.).
The qualifications you need:
- 3+ years previous experience in information security.
- 2+ years’ experience working within software development.
- A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.
- Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
- Able to work both independently as well with development teams and multi-task effectively.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the expertise to secure them.
- Experience of security architecture and design reviews.
- Experience with multiple languages such as Java, Go, Python etc. and understand how to detect and remedy related security issues such as OWASP top 10.
What Celonis can offer you:
- The unique opportunity to work within a new category of technology, Execution Management
- Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, mentorships, yearly development stipend)
- Great compensation and benefits packages (stock options, 401(K) matching, generous time off, parental leave, and more)
- Work from home support (mindfulness tools such as Headspace, monthly remote working stipend, flexible working hours, virtual events and workshops)
- A global and growing team of Celonauts from diverse backgrounds to learn from and work with
- An open-minded culture with innovative, autonomous teams
- Employee resource communities to help you feel connected, valued and seen (Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
- A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future
Celonis believes that every company can unlock its full execution capacity. Powered by its market-leading process mining core, the Celonis Execution Management System provides a set of applications, and developer studio and platform capabilities for business executives and users to eliminate billions in corporate inefficiencies. Celonis has thousands of global customers and is headquartered in Munich, Germany and New York City, USA with 15 offices worldwide.
Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Different makes us better.