Senior Product Security Engineer jobs in United States

Celonis · 2 days ago

Senior Product Security Engineer

Celonis is the global leader in Process Intelligence technology and one of the world's fastest-growing SaaS firms. They are seeking a Senior Product Security Engineer to assess and validate the security of their services and applications, mentor engineers, and lead security projects.

Analytics, Artificial Intelligence (AI), Big Data, Business Intelligence, Business Process Automation (BPA), SaaS
No H1B

Responsibilities

Conduct threat modeling, secure code reviews, and security assessments across web/native applications and infrastructure, proactively identifying vulnerabilities and providing clear recommendations to the development teams
Conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies
Review source code for potential security issues, writing security test cases to check for vulnerabilities or broken/missing security controls
Provide specific risk assessment and remediation guidelines for developers and business owners
Research the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
Perform in-depth security reviews of new features. This includes identifying security vulnerabilities (including, but not limited to, the OWASP Top Ten), reviewing code in Java or C++, and verifying security posture through source-assisted security assessments and penetration testing (using manual/automated techniques with tools such as Burp Suite and Semgrep)
Partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes
Work on essential areas to develop a security baseline for application, container, cloud, and orchestration platforms, and integrate it into the CI/CD pipeline
Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (NIST controls, SOC2, etc.)
Lead complex security projects, from initial planning through execution and completion
Act as internal advocate and subject matter expert on secure software development practices
Lead secure development awareness communications and training initiatives

Qualification

Application Security, Threat Modeling, Secure Coding Practices, Security Assessments, Java, C++, Security Architecture, NIST Controls, Communication Skills, Team Collaboration, Project Management

Required

5+ years of previous experience in information security
3+ years of previous experience working within software development
A bachelor's degree in Computer Science/Information Security/Cyber Security or equivalent
Proven track record of performing secure design reviews and threat modeling on complex systems
Comprehensive knowledge of fundamental application security principles, secure coding practices, and common web application vulnerabilities, including those listed in OWASP Top 10
Excellent written and oral communication skills; ability to articulate and communicate risks to both technical and non-technical audiences
Demonstrated ability to work both independently and in cross-functional teams, effectively multitasking in a fast-paced environment
Firm understanding of enterprise-class application architectures that are highly scalable and reliable, and the expertise to secure them
History of leading and delivering complex security projects

Benefits

Generous PTO
Hybrid working options
Company equity (RSUs)
Comprehensive benefits
Extensive parental leave
Dedicated volunteer days

Company

Celonis provides an execution management system that helps companies in running their business processes.

Funding

Current Stage: Late Stage
Total Funding: $2.37B
Key Investors: Qatar Investment Authority, KeyBanc Capital Markets, Arena Holdings
2023-07-15: Secondary Market
2022-08-23: Series D · $400M
2022-08-23: Debt Financing · $600M

Leadership Team

Alexander Rinke, Co-CEO
Bastian Nominacher, Co-CEO / Co-Founder
Company data provided by crunchbase