Security Operations Lead

We're Celonis, the global leading Process Mining software company and one of the world's fastest-growing SaaS firms. We believe that every company can unlock its full execution capacity - and for that, we need you to join us as a  SOC Lead  in our Information Security organization within one of our three core domains: Security Engineering, Security Operations, and Trust.

Come be a part of our rapidly growing team focused on the development of a world-class Security Operations program!

The Role:

As the Security Operations Lead, you will be responsible for the management, supervision, and coordination of cybersecurity incidents as part of a global operation. The Security Operations Lead also maintains incident response playbooks, conducts cyber tabletop exercises, acts as a liaison to business units within Celonis, and provides visibility into the executive leadership of Celonis. This role is responsible for identifying gaps in processes, building additional capabilities and procedures, and acting as the primary owner for incident escalation and resolution. As the Celonis Security Operations team continues to evolve to become an industry leading organization, this role will have the ability to drive innovation within the team and have a meaningful impact on future initiatives. 

Your primary role will entail: 

• Communicate successfully with partners from technical and business domains to understand project objectives, dependencies, and requirements
• Manage milestones by the development of JIRA Epics/Stories and alignment of resources to project requirements and tasks
• Drive accountability across teams to ensure program objectives are met
• Gather and examine business operations and internal security team needs and opportunities for new information security programs, products and projects
• Drive organizational needs cross-functionally with product, engineering and finance including tracking and reporting of progress and metrics
• Work closely across teams to collaborate to ensure dependencies are well known and critical issues are identified and resolved
• Manage complex security initiatives, delivering critical solutions, while implementing significant improvements, new mechanisms, or deprecating processes that are no longer needed.  

The  Team:

Our Global information security organization is responsible for security and trust at Celonis. We think security-offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The Security Operations organization is looking for talented teammates that have experience in managing large scale projects and development initiatives in cloud, application, product, and operations domains. 

The work you’ll do:

• Serve as the a lead role within a 24x7 Security Operations Center, leading significant or high-profile incidents, including validation and resolution, coordinating response activities across the Celonis business units
• Capable of rapid, independent decision making in stressful, dynamic situations, including those that impact critical business functions and Celonis’ clients
• Provide strategic guidance on and tracking of tools, visibility, and capabilities gaps that affect Celonis’ security posture and ability to respond to incidents
• Coordinate and direct efforts among the Security Operations team members throughout the incident response lifecycle
• Provide timely and relevant updates to appropriate executive stakeholders and Security Operations leadership for critical or high-visibility incidents
• Responsible for root cause analysis determinations post-incident and develop and after-action report to identify future maturation opportunities for high severity incidents
• Participate in testing and update incident response plans and playbooks accordingly to ensure to address existing and emergent threats to the environment
• Perform special projects, initiatives, and training exercise to help bring Celonis to the cutting edge of security operations and incident response and establish this team as an industry leader
• Creation of reports, dashboards, metrics for the efficiency and efficacy of operations and presentation to Security Operations management
• Focus on threat management, threat modeling, identify threat vectors and develop use cases for security monitoring to increase Celonis’ visibility into their security posture 
• Act as Subject Matter Expert to mentor more junior SOC roles and assist in developing training initiatives to continuously evolve our team

The qualifications you’ll need:

• 3 - 5 years as a SOC Analyst or Security Engineer
• A strong familiarity with the MITRE ATT&CK framework and experience in aligning operations to industry frameworks and best practices
• Passionate about security, eager to learn and act as a mentor, and want to have a crucial role in developing a new global capability
• Experience in performing incident response in AWS/Azure/GCP cloud environments
• Familiarity with principles of Incident Management and the Attack Life Cycle as well as relevant NIST guidance for incident response and readiness
• Network security systems, architecture, and administration, to include firewalls, web proxies, content filters, and endpoint protection
• IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms
• Good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc)
• Experience with enterprise level SIEM solutions
• Stay up to date on information technology trends and security standards.
• Ability to define, communicate and execute on a vision and strategy
• Ability to effectively communicate with technical and non-technical resources
• Ability to effectively manage an operational cell of the SOC, coordinating with other global SOC Leads and management
• Flexibility in scheduling to support 24x7x365 operations globally

What Celonis can offer you:

• The unique opportunity to work within a new category of technology, Execution Management
• Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, mentorships, yearly development stipend)
• Great compensation and benefits packages (stock options, 401(K) matching, generous time off, parental leave, and more)
• Work from home support (mindfulness tools such as Headspace, monthly remote working stipend, flexible working hours, virtual events and workshops)
• A global and growing team of Celonauts from diverse backgrounds to learn from and work with
• An open-minded culture with innovative, autonomous teams
• Employee resource communities to help you feel connected, valued and seen (Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
• A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future

About Us

Celonis believes that every company can unlock its full execution capacity. Powered by its market-leading process mining core, the Celonis Execution Management System provides a set of applications, and developer studio and platform capabilities for business executives and users to eliminate billions in corporate inefficiencies. Celonis has thousands of global customers and is headquartered in Munich, Germany and New York City, USA with 15 offices worldwide.

Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Different makes us better.