Principal Cyber Security Engineer

7 - 10 years

0 Lacs

Posted: 5 days ago | Platform: Foundit

Work Mode: On-site

Job Type: Full Time

Job Description

About Us

HighRadius, a renowned provider of cloud-based Autonomous Software for the Office of the CFO, has transformed critical financial processes for more than 800 leading companies worldwide. Trusted by prestigious organizations like 3M, Unilever, Anheuser-Busch InBev, Sanofi, Kellogg Company, Danone, Hershey's, and many others, HighRadius optimizes order-to-cash, treasury, and record-to-report processes, earning us back-to-back recognition in Gartner's Magic Quadrant and a prestigious spot in the Forbes Cloud 100 List for three consecutive years.

Job Title: Sr. Principal Security Engineer

Team:

Job Summary:

We are seeking a highly experienced and technically proficient Sr. Principal Security Engineer to lead the offensive security efforts for our applications and platforms. This role is a hands-on, individual contributor position focused on proactive threat emulation, vulnerability research, and full-scope red team operations. You will be responsible for identifying and exploiting complex vulnerabilities across our web applications, APIs, and cloud infrastructure, while simultaneously acting as the top-tier subject matter expert to mentor developers and integrate advanced security controls into the CI/CD pipeline.

Responsibilities:

  • Adversary Simulation & Red Team Operations:

    Plan and execute sophisticated red team operations and adversary emulation exercises to test the resilience of our applications, infrastructure, and defensive capabilities.
  • Advanced Penetration Testing:

    Conduct comprehensive, manual penetration tests and vulnerability assessments, with a focus on discovering business logic flaws and zero-day vulnerabilities in web applications, APIs, and microservices.
  • Secure Development Lifecycle:

    Embed security into the SDLC by performing in-depth code reviews, leading threat modeling workshops (e.g., using STRIDE or PASTA), and providing technical guidance to development teams on remediation of OWASP Top 10 and other critical security issues.
  • Security Tooling & Automation:

    Evaluate, integrate, and manage advanced security testing tools (e.g., Burp Suite Enterprise, SAST, DAST, and SCA) into the CI/CD pipeline to automate security checks and maintain continuous security posture.
  • Vulnerability Research:

    Stay current with the latest exploits, attack vectors, and security research. Develop custom exploits and scripts using languages like Python or Go to simulate real-world attacks.

Required Qualifications:

  • Experience:

    • 7-10+ years of progressive experience in cybersecurity, with at least 3 years in a dedicated offensive security, red team, or advanced penetration testing role.
    • Demonstrated experience with a wide range of attack methodologies and a proven track record of discovering and exploiting complex vulnerabilities.
  • Technical Expertise:

    • Expert-level proficiency with manual penetration testing tools, including Burp Suite Professional, Metasploit, and Cobalt Strike.
    • Strong practical knowledge of exploit development, reverse engineering, and hands-on experience with at least one scripting language (Python, Go, JavaScript, or Bash).
    • In-depth understanding of web application vulnerabilities, including the OWASP Top 10, CWE, and CVE databases.
    • Experience securing cloud environments (AWS, Azure, GCP) and working with containerization technologies (Docker, Kubernetes).
    • Familiarity with both dynamic and static application security testing (DAST and SAST) methodologies.
  • Soft Skills & Education:

    • Exceptional problem-solving, analytical, and critical-thinking skills.
    • Excellent communication and mentoring skills, with the ability to explain complex technical vulnerabilities to both technical and non-technical audiences.

Certifications (Highly Desired):

  • Offensive Security Certified Professional (OSCP)

  • Offensive Security Certified Expert 3 (OSCE3)

  • GIAC Penetration Tester (GPEN) or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

  • eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)

  • CISSP

Highradius

Software Development

Houston Texas
