Threat Intelligence Lead

We're Celonis, the global leading Process Mining software company and one of the world's fastest-growing SaaS firms. We believe that every company can unlock its full execution capacity - and for that, we need you to join us as a Threat Intelligence Lead in our Information Security organization within one of our three core domains: Security Engineering, Security Operations, and Trust.

Come be a part of our rapidly growing team focused on the development of a world-class Security Operations program!

The Team:

Our Global information security organization is responsible for security and trust at Celonis. We think security-offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The Security Operations organization is looking for talented teammates that have experience in managing large scale projects and development initiatives in cloud, application, product, and operations domains.

The Role:

As the Threat Intelligence Lead, your role will focus on identification, analysis, processing, and distribution of finished intelligence. You will quickly and discreetly provide intelligence to assist in decision making to actively thwart emergent and current threats that impact our customers. Specific duties of this role include: intelligence gathering, processing incoming information, developing reports and documentation, identifying and investigating new vulnerabilities, translating analysis into actionable intelligence, establishing and maintaining systematic intelligence records and files, and integrating incoming information with past and current intelligence and investigations.

Additionally, as a Lead, you will assist in the development of a team of Threat Intelligence analysts and lay the groundwork for process development and refinement. This role will also have a personnel management component as this function continues to scale to meet Celonis’ rapid growth.

Your primary role will entail: 

• Communicate successfully with partners from technical and business domains to understand project objectives, dependencies, and requirements
• Manage milestones by the development of JIRA Epics/Stories and alignment of resources to project requirements and tasks
• Drive accountability across teams to ensure program objectives are met
• Gather and examine business operations and internal security team needs and opportunities for new information security programs, products and projects
• Drive organizational needs cross-functionally with product, engineering and finance including tracking and reporting of progress and metrics
• Work closely across teams to collaborate to ensure dependencies are well known and critical issues are identified and resolved
• Manage complex security initiatives, delivering critical solutions, while implementing significant improvements, new mechanisms, or deprecating processes that are no longer needed.  

The work you’ll do:

• Develop a program that will ultimately assist in prioritizing response actions, support risk-management decision making and provide enriched, contextualized data to assist in quick determination of organizational exposure to identified threats.  
• Identify, collect, and process data for intelligence value
• Build and maintain intelligence tools and lead integration efforts with other internal security tools. 
• Understand the current threat landscape that Celonis faces and assist other internal security teams in maturing current processes and tools to better prepare and respond to security threats. 
• Conduct advanced analysis and research on the latest threat actor activity and provide actionable threat intelligence in the form of IOCs, TTPs, and threat trends. 
• Develop in depth reports on current and emerging threats and how they impact Celonis. 
• Develop and document CTI requirements

The qualifications you need:

• 3+ years of experience in the domain of Cyber Threat Intelligence
• Excellent written and verbal communication skills, analytical thinking, and the ability to lead multiple analysts in threat intelligence efforts.
• Experience developing threat intelligence reports for technical audiences.
• Familiarity using common threat landscape frameworks like Cyber Kill Chain, Diamond Model, Mitre ATT&CK
• Understanding of host and network based forensic artifacts and IOCs
• Experienced in analyzing threat actor TTPs and creating threat profiles to aid in proactive defense against these threats
• Ability to develop threat intelligence use case plans
• Experience in using Threat Intelligence Platforms such as Recorded Future, Anomali, LookingGlass, LogRhythm
• Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
• Knowledge of malware families, botnets, threats by sector, and various attack campaigns and attacker methods, tools/techniques/practices
• Knowledge of cloud technologies including Azure, AWS, and GCP
• Common knowledge of critical security controls is required including; authentication, encryption, IDS, WAFs, firewalls, HIPS, EDR, EPP, etc.

What Celonis can offer you:

• The unique opportunity to work within a new category of technology, Execution Management
• Investment in your personal growth and skill development (clear career paths, internal mobility opportunities, mentorships, yearly development stipend)
• Great compensation and benefits packages (stock options, 401(K) matching, generous time off, parental leave, and more)
• Work from home support (mindfulness tools such as Headspace, monthly remote working stipend, flexible working hours, virtual events and workshops)
• A global and growing team of Celonauts from diverse backgrounds to learn from and work with
• An open-minded culture with innovative, autonomous teams
• Employee resource communities to help you feel connected, valued and seen (Women@Celonis, Parents@Celonis, Pride@Celonis, Resilience@Celonis, and more)
• A clear set of company values that guide everything we do: Live for Customer Value, The Best Team Wins, We Own It, and Earth Is Our Future

About Us

Celonis believes that every company can unlock its full execution capacity. Powered by its market-leading process mining core, the Celonis Execution Management System provides a set of applications, and developer studio and platform capabilities for business executives and users to eliminate billions in corporate inefficiencies. Celonis has thousands of global customers and is headquartered in Munich, Germany and New York City, USA with 15 offices worldwide.

Celonis is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Different makes us better.