Senior Security Automation Engineer

The  Team:

Within our InfoSec organization, Our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is looking for talented subject matter experts in application, platform and offensive security.

The Role:

The Senior Security Automation Engineer is a technical role focused on integrating automated security practices into our software development lifecycle. You will architect and implement automated security solutions within our CI/CD pipelines, ensuring vulnerabilities are identified and resolved early. Sitting at the intersection of development, operations, and security, this role requires strong programming skills, deep security knowledge, and a passion for building scalable, automated security processes

The work you’ll do:

• Security Integration in CI/CD: Embed automated security scans (SAST, DAST, SCA, container scanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI). Implement “fail-fast” deployment gates for high-severity security findings.
• Develop and Maintain Security Tooling: Build custom integrations and scripts (Python, Go, or similar) for third-party security tools (Snyk, Checkmarx, Semgrep, Trivy). Enhance code review, threat modeling, and vulnerability management processes with the Product Security team.
• Infrastructure as Code Security: Secure Infrastructure as Code (IaC) deployments leveraging tools like Terraform, CloudFormation, and Checkov. Automate baseline security checks (CIS benchmarks, best practices) for cloud resources.
• SBOM & Supply Chain Security: Implement and maintain Software Bill of Materials (SBOMs) using tools such as Syft or CycloneDX. Establish build signing and artifact verification (Cosign, GPG) to protect software supply chains.
• Collaboration & Training: Partner closely with Cloud Security Engineers to address cloud application vulnerabilities and coordinate remediation. Provide security best practices and guidance to development teams on secure coding and secure CI/CD processes.
• Continuous Improvement & Research: Stay current on emerging threats and DevSecOps tooling. Proactively propose improvements to existing security automation and tooling.

The qualifications you’ll need:

• Security Automation Experience: 5+ years in security engineering or DevSecOps, emphasizing security automation. Proven expertise integrating SAST, DAST, and SCA into CI/CD pipelines.
• Strong Coding & Scripting: Proficient in Python, Go, or similar scripting languages. Experienced using Git and version control best practices.
• Container & Kubernetes Security: Experience with container technologies (Docker, Kubernetes) and container security scanning tools (Trivy, Aqua).
• Cloud Infrastructure & IaC: Proficiency Infrastructure as Code frameworks (Terraform, CloudFormation).
• Application Security Knowledge: Solid understanding of OWASP Top 10 vulnerabilities and best practices in application security.

Preferred Qualifications:

• Supply Chain Security Expertise: Familiarity with SBOM tooling (Syft, CycloneDX) and build-signing technologies (Cosign, GPG).
• Advanced DevSecOps Practices: Knowledge of “Security as Code” and “Policy as Code” approaches (OPA, Conftest).
• Community Engagement: Contributions to open-source security projects or active participation in security communities.
• Collaborative Communication: Excellent communication skills to articulate complex security issues to both technical and non-technical colleagues. Experience writing security documentation or standard operating procedures, and fostering a culture of security awareness within teams.