Celonis
Sr Enterprise Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Celonis
Celonis is a German software company founded in 2011, known for its pioneering work in process mining technology. The company has developed a comprehensive Process Intelligence Platform that helps businesses analyze, optimize, and manage their processes using data from IT systems. Headquartered in Munich, Celonis has grown to over 3,000 employees and operates in more than 25 offices worldwide. The company offers an execution management software suite that includes process mining, a cloud-based Process Intelligence Platform, and an Execution Management System. These tools provide insights into workflows, identify inefficiencies, and enable data-driven process control. Celonis has a strong market presence, serving over 5,000 enterprise customers, including many large organizations and three-quarters of DAX-listed companies. The company has achieved significant milestones, including unicorn status in 2018 and decacorn status in 2021, with a valuation of $13 billion as of 2022.
Security at Celonis
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Celonis's AppSec philosophy includes a mission for their global Infosec team to ensure trust and protection, adopting a customer-first mindset for information security, and thinking about security both offensively and defensively.
- Stated goals include building security automation and integrating mitigation controls into continuous integration, delivery, and deployment processes.
- A noted gap is that while an Application Security team is listed, no open AppSec roles were found on the company careers portal.
Security Team
Celonis's global information security organization is responsible for security and trust, comprising five teams: DevSecOps, Application Security, Platform Security, Offensive Security, and Vulnerability Management. The Chief Information Security Officer (CISO), Omesh Agam, reports directly to Nominacher. Other key public-facing individuals include Devin Dwyer (Product Security @ Celonis) and Joseph Green (Staff Security Program Manager at Celonis). The team size estimate is not publicly available. As of, there were no active AppSec job postings on the company's careers page, though a Senior Product Security Engineer job was posted on a third-party site on. Common skill patterns from job postings include conducting threat modeling, secure code reviews, security assessments, and using tools like Burp Suite and Semgrep. Gaps include overall team headcount, embedded vs. centralized operational model, and published AppSec SLAs.
Key Initiatives
There is no public evidence found for a Security Champions Program at Celonis. 'Shift Left' practices include reviewing source code for potential security issues and integrating mitigation controls into continuous integration. The vulnerability management process involves performing penetration testing for intake, but triage and remediation details (SLAs, MTTR, ticketing ownership) are not publicly available. Secure SDLC artifacts include conducting threat modeling, secure code reviews, security assessments, and security architecture reviews of the application stack. Information on recent initiatives (last 6 months) is not publicly available. Gaps include descriptions of a Security Champions program, documented triage SLAs, and recent public announcements of new AppSec tooling rollouts.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.