Senior Application Security Engineer
CelonisExecution management and process mining from Celonis. We reveal and realize the value opportunities hiding in your processes - fast. Get started with Celonis EMS quickly and scale infinitely.
Within our InfoSec organization, Our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is always looking for talented subject matter experts in application, platform and offensive security.
Celonis is looking for a Senior Application Security Engineer to help assess and validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to mentor the application security engineers who are building and securing our cutting-edge application layer services.
The work you’ll do:
- You will participate in threat modeling, application architecture review, security code review, security assessment, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments).
- Conducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies
- Reviewing source code for potential security issues
- Writing security test cases to check for vulnerabilities or broken/missing security controls
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
- Perform in-depth security review of new features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java or C++, verifying security posture through pen-test (using manual/automated techniques with tools like Kali Linux, Burp suite, Checkmarx, WebInspect).
- You will partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.
- Work on essential areas to develop security baseline for cloud, container, and application and integrate it into the CI/CD pipeline.
- Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2, etc.).
- Own security projects from start to finish
- Act as internal advocate and subject matter expert on secure software development practices.
- Lead secure development awareness communications and training initiatives.
The qualifications you’ll need:
- 4+ years previous experience in information security.
- 3+ years’ experience working within software development.
- A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.
- Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
- Able to work both independently as well with development teams and multi-task effectively.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the expertise to secure them.
- Experience of security architecture and design reviews.
- Experience with multiple languages such as Java, Go, Python etc. and understand how to detect and remedy related security issues such as OWASP top 10.
- Have led security projects from initial planning to completion
What Celonis can offer you:
- The unique opportunity to work within a new category of technology, Execution Management
- Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, L&D platform, mentorships, and more)
- Great compensation and benefits packages (equity (restricted stock units), life insurance, time off, generous leave for new parents from day one, and more). For intern and working student benefits, click here
- Physical and mental well-being support (subsidized gym membership, access to counselling, virtual events on well-being topics, and more)
- A global and growing team of Celonauts from diverse backgrounds to learn from and work with
- An open-minded culture with innovative, autonomous teams
- Business Resource Groups to help you feel connected, valued and seen (Black@Celonis, Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
- A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future
Celonis enables customers to optimize their business processes. Powered by its leading process mining technology, Celonis provides a unique set of capabilities for business executives and users to continuously find improvement opportunities within and across processes, and execute targeted actions to rapidly enhance process performance. This optimization yields immediate cash impact, radically improves customer experience, and reduces carbon emissions. Celonis has thousands of implementations with global customers and is headquartered in Munich, Germany and New York City, USA with more than 20 offices worldwide.
Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment and equal opportunity in all aspects of employment. We will not tolerate any unlawful discrimination or harassment of any kind. We make all employment decisions without regard to race/ethnicity, color, sex, pregnancy, age, sexual orientation, gender identity or expression, transgender status, national origin, citizenship status, religion, physical or mental disability, veteran status, or any other factor protected by applicable anti-discrimination laws. As a US federal contractor, we are committed to the principles of affirmative action in accordance with applicable laws and regulations. Different makes us better.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation Burp Suite C Checkmarx CI/CD Cloud Compliance Computer Science Java Kali Linux NIST Offensive security OWASP Pentesting Python Risk assessment Security assessment SOC 2 Vulnerabilities
More jobs like this
Communications House,, Staines-Upon-Thames, United … Communications House,, Staines-Upon-Thames, United Kingdom Full TimeSenior Senior-levelUSD 135K - 220K * USD 135K+ *
Mobile Security Engineer - CertificationAndroid Banking C Finance Industrial Linux +7
Competitive pay Flex hours Gear Home office stipend Salary bonus
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open o365 Security Architect jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Product Security Engineer jobs
- Open Security Researcher jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open EDR-related jobs