Senior Cloud Security Engineer

 

The Team:

Within our InfoSec organization, Our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is always looking for talented subject matter experts in application, platform and offensive security.

The Role:

The Senior Cloud Security Engineer is a hands-on technical role focused on safeguarding Celonis’ cloud infrastructure across AWS, Azure, and GCP. In this role, you will design and implement cutting-edge security measures to protect a large-scale SaaS platform. You’ll collaborate with cross-functional teams to ensure security is embedded in our cloud services and automate security processes for efficiency and consistency. This role is ideal for a seasoned security engineer who enjoys solving complex cloud security challenges and wants to have a direct impact on the security posture of a fast-growing tech company.

The work you’ll do:

• Cloud Security Implementation: Implement and uphold cloud security best practices across multi-cloud environments. Harden our cloud infrastructure by leveraging native security features (e.g., AWS IAM & KMS, Azure AD & Key Vault, GCP IAM & KMS) and ensuring proper configuration of network controls, encryption, and logging.
• Infrastructure & Kubernetes Security: Secure Celonis’ use of containerized applications and Kubernetes (EKS, AKS, GKE). This includes setting up container image scanning, enforcing Kubernetes security policies, managing secrets and certificates, and working with engineering teams to ensure microservices follow security guidelines.
• Automation & Tooling: Develop and maintain automation scripts and Infrastructure-as-Code (Terraform, CloudFormation) to embed security into the deployment pipeline. Automate repetitive security tasks (such as provisioning secure configurations, patch management, and compliance checks) to improve efficiency and consistency.
• Security Monitoring & Response: Enhance cloud security monitoring by tuning and extending CSPM tools and cloud-native monitoring (CloudTrail, GuardDuty, Azure Security Center, etc.). Identify potential vulnerabilities or misconfigurations proactively and work on fixes. Assist in investigating security alerts or incidents related to cloud infrastructure and coordinate remediation efforts.
• Identity and Access Management: Continuously improve cloud IAM configurations to enforce least-privilege access. Manage roles, policies, and access keys across the organization’s cloud accounts. Implement solutions like Teleport to strengthen access controls for engineers and applications accessing sensitive cloud resources.
• Vulnerability Management: Work with vulnerability scanning tools (such as Tenable Nessus/Tenable.io) to regularly scan cloud assets and container images.
• Collaboration & Guidance: Serve as a security subject matter expert for cloud projects. Collaborate with developers, DevOps, and SRE teams to advise on secure architecture and coding practices. Contribute to threat modeling exercises and review new features/infrastructure for potential security risks before deployment.

Required Qualifications:

• Proven Cloud Security Expertise: 5+ years of hands-on experience in security engineering with a strong focus on cloud (AWS, Azure, and GCP). Deep understanding of cloud architecture and services, and proven experience implementing security controls in a production cloud environment.
• Kubernetes & Container Security: Strong experience securing containerized applications and Kubernetes clusters. Familiarity with tools and pract