Senior Cloud Security Engineer

📋 Description

• • As a Senior Cloud Security Engineer at Celonis, you will be at the forefront of safeguarding our rapidly expanding global SaaS platform. This is a deeply technical, hands-on role where you will architect, implement, and maintain robust security measures across our multi-cloud infrastructure, encompassing AWS, Azure, and GCP. You will be instrumental in embedding security best practices into our cloud services, from initial design through to ongoing operations, ensuring the integrity, confidentiality, and availability of our critical systems and customer data.
• • Your primary responsibility will be to design and deploy cutting-edge security solutions that protect Celonis’ cloud environments. This involves a deep dive into cloud-native security features, such as AWS IAM & KMS, Azure AD & Key Vault, and GCP IAM & KMS, ensuring they are configured optimally to enforce granular access controls and protect sensitive data. You will also be responsible for hardening our cloud infrastructure by implementing strong network controls, robust encryption mechanisms, and comprehensive logging strategies to provide full visibility into our cloud estate.
• • A significant part of your role will focus on securing our containerized applications and Kubernetes clusters (EKS, AKS, GKE). You will implement and manage container image scanning solutions to identify vulnerabilities before deployment, enforce strict Kubernetes security policies to prevent unauthorized access and misconfigurations, and manage secrets and certificates effectively. Collaboration with our engineering teams will be key to ensuring that microservices adhere to security guidelines throughout their lifecycle.
• • Automation is central to our security strategy. You will develop and maintain Infrastructure-as-Code (IaC) using tools like Terraform and CloudFormation to automate the provisioning of secure cloud environments and embed security directly into our CI/CD pipelines. This includes automating repetitive security tasks such as secure configuration deployment, patch management, and compliance checks, thereby enhancing efficiency, consistency, and reducing the potential for human error.
• • You will play a vital role in enhancing our cloud security monitoring capabilities. This involves tuning and extending our Cloud Security Posture Management (CSPM) tools and leveraging cloud-native monitoring services like CloudTrail, GuardDuty, and Azure Security Center to detect and alert on suspicious activities. Proactively identifying potential vulnerabilities and misconfigurations, and driving their remediation will be a core function. You will also assist in the investigation of security alerts and incidents related to our cloud infrastructure, coordinating effective remediation efforts.
• • Strengthening our Identity and Access Management (IAM) framework is paramount. You will continuously refine cloud IAM configurations to enforce the principle of least privilege, ensuring that access to cloud resources is granted only to those who absolutely need it. This includes managing roles, policies, and access keys across our organization’s cloud accounts and implementing advanced solutions like Teleport to enhance access controls for engineers and applications interacting with sensitive cloud resources.
• • You will be actively involved in our vulnerability management program, utilizing tools such as Tenable Nessus/Tenable.io to regularly scan cloud assets and container images for known vulnerabilities. You will analyze scan results, prioritize remediation efforts, and work with relevant teams to address identified risks promptly.
• • As a subject matter expert in cloud security, you will collaborate closely with developers, DevOps engineers, and Site Reliability Engineers (SREs). You will provide guidance on secure cloud architecture, best practices for secure coding, and assist in threat modeling exercises. Your input will be crucial in reviewing new features and infrastructure designs to identify and mitigate potential security risks before they are deployed into production.
• • This role offers a unique opportunity to make a tangible impact on the security posture of a leading global SaaS company. You will contribute to building and maintaining a secure, scalable, and resilient cloud infrastructure that underpins Celonis' innovative Process Intelligence technology. Your expertise will directly protect our company and our customers from evolving cyber threats in a dynamic and fast-paced environment.