Manager, Cloud Security

The Team:

Within our InfoSec organization, Our global security engineering team is responsible for designing, building, and enhancing the underlying security components that help with securing the Celonis Application and Platforms stacks. We think about both offensively and defensively. We continuously monitor our global security posture and are always adapting to the ever-changing threat landscape. The security engineering team is looking for talented subject matter experts in application, platform and offensive security.

The Role:

Provide strategic leadership and hands-on expertise to secure Celonis’ multi-cloud infrastructure (AWS, Azure, GCP). This Manager of Cloud Security will drive the cloud security strategy, ensuring robust protection of our SaaS platform. You will lead a team of security engineers, setting best practices and fostering a culture of security excellence. The role balances high-level strategy with deep technical involvement in day-to-day cloud security operations.

The work you’ll do:

• Leadership & Strategy: Lead, mentor, and develop a team of cloud security engineers. Implement the cloud security roadmap and ensure alignment with Celonis’ business goals and risk posture.
• Cloud Security Controls: Design and implement security controls across AWS, Azure, and GCP environments. Continuously enhance our cloud security posture management (CSPM) program to identify and remediate risks in configurations and policies.
• Container & Kubernetes Security: Oversee security for containerized applications and Kubernetes clusters (EKS, AKS, GKE). Establish best practices for container image security, pod security policies, and cluster network segmentation to protect our microservices.
• Tools Integration: Integrate and manage advanced security tools into our infrastructure. This includes solutions like Teleport for secure access management and Tenable for vulnerability scanning and management. Ensure these tools are effectively used to protect cloud endpoints, and refine their configurations to fit Celonis’ environment.
• Cross-Team Collaboration: Work closely with security automation, enterprise security, and engineering teams to embed security into CI/CD pipelines and infrastructure provisioning. Champion a secure guardrails approach—automating security checks and educating teams to build secure systems from the ground up.
• Incident Response & Compliance: Collaborate with Security Operations to respond to cloud security incidents, performing root-cause analysis and implementing preventive measures. Ensure cloud architectures meet and industry benchmarks and participate in audits as needed.

The qualifications you need:

• Extensive Cloud Security Experience: Over 7 years of hands-on experience in information security, specializing in securing cloud infrastructure across AWS, Azure, and GCP. Demonstrated managerial experience (3-5 years) leading security teams, driving the implementation of best practices, and securing cloud services in production environments. Proven ability to manage complex security projects, mentor team members, and deliver scalable security solutions across multi-cloud platforms.
• Technical Expertise: Deep expertise in identity and access management (IAM), network security (VPCs, security groups, firewalls), and container security, including hands-on experience with Container Network Interfaces (CNI) such as Cilium. Extensive practical experience securing Kubernetes orchestrations and container ecosystems. Proficient with infrastructure-as-code tools (Terraform, CloudFormation) and automation/scripting (Python, Bash) to enforce scalable, automated security measures. Experienced in offensive cloud security assessments using tools such as ScoutSuite, Prowler, CloudSploit, Pacu, and similar cloud security auditing utilities, with the ability to proactively identify and remediate vulnerabilities.
• Leadership Skills: Demonstrated ability to lead and mentor security teams or projects. Strong project management and communication skills to articulate risks and influence technical and non-technical stakeholders.
• Security Best Practices: Up-to-date understanding of modern cloud security practices and frameworks (zero-trust networking, principle of least privilege, threat modeling for cloud). Experience implementing monitoring and alerting for cloud environments (CloudTrail, Azure Monitor, GCP Cloud Logging) and interpreting the results to improve security.
• Education & Certifications: Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field is beneficial. Relevant certifications (CISSP, CISM, cloud security certs) are nice-to-have but not required – we value practical expertise and achievements more.

Preferred Qualifications:

• SaaS Environment Experience: Experience working in a high-growth SaaS company or similar cloud-driven environment. Understanding the security challenges of a multi-tenant cloud service and how to address them.
• Security Automation: Passion for automation and using code to solve security problems. Experience building security guardrails or self-service tools that enable developers to deploy securely (DevSecOps mindset).
• Tool Familiarity: Hands-on experience with tools such as Teleport (for secure access and identity management in infrastructure) and Tenable/Nessus (for vulnerability management) is highly desirable. Familiarity with other cloud security platforms or services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center) is a plus.
• Continuous Improvement: Demonstrated habit of staying current with emerging cloud security trends and threats. Participation in security communities or contributions to open-source security projects show a plus.