We're looking for a
This role is
Principal Security Engineer India Cybersecurity Engineering: The Principal Security Engineer is a hands-on role that blends cloud security engineering with security operations and threat intelligence. This position plays an integral role in protecting Cornerstone OnDemand from internal and external threats, partnering closely with technology, product, and operations teams to define and enforce security best practices, automate controls, assess risks, and proactively detect, investigate, and respond to threats across the enterprise.
In this role you will...
- Lead security operations functions including detection engineering, monitoring, incident response, and threat hunting across cloud and enterprise environments.
- Analyze and improve Cornerstone's security architecture.
- Evaluate, select and implement new security tools and practices.
- Develop and deploy automated security controls leveraging the security toolchain to detect, prevent, and remediate threats.
- Contribute to open-source threat intelligence initiatives.
- Conduct threat modeling, vulnerability assessments, penetration testing, and red/purple team exercises to uncover and remediate risks.
- Drive threat intelligence initiatives by ingesting and correlating intel feeds, monitoring dark web sources, and leveraging external attack surface monitoring and security rating services (e.g., Security Scorecard, BitSight).
- Proactively hunt for malicious or anomalous activity in EDR, SIEM, and cloud telemetry to identify evolving attacker tactics, techniques, and procedures (TTPs).
- Coordinate and lead investigations into security incidents, collaborating with SOC, IT, DevOps, and product teams to ensure timely response and recovery.
- Perform security architecture and design reviews with engineering teams to integrate security standards into development and deployment lifecycles.
- Provide security recommendations for cloud infrastructure, enterprise IT, and SaaS services, defining and enforcing policies and standards.
- Stay current on adversary trends, industry threat reports, and emerging attack vectors to continually improve detection and prevention capabilities.
- Provide hands-on support across a wide range of security technologies, including EDR, SIEM, IDS/IPS, vulnerability management tools, container/Kubernetes security, and automation frameworks.
You've got what it takes if you have
- A degree in Cybersecurity, Information Security, Computer Science, or a related technical field, or equivalent work experience.
- Industry-recognized certifications are a plus. Certifications may include CISSP, CISM, CEH, CompTIA Security+, and certifications issued by the SANS Institute, public cloud providers (AWS, GCP), etc.
- 7+ years of experience in security engineering, operations, and/or threat intelligence.
- Strong understanding of incident response, SOC operations, detection engineering, and cyber kill chain/ATT&CK framework.
- Proven experience with EDR platforms (e.g., CrowdStrike, SentinelOne, Carbon Black), SIEM solutions (Splunk, ELK, Chronicle), and cloud-native monitoring tools.
- Experience with dark web monitoring, external attack surface management (ASM), and third-party risk/security rating platforms.
- Deep knowledge of vulnerability management platforms (e.g., Qualys, Tenable, Rapid7) and risk-based prioritization approaches.
- Strong background in networking concepts and protocols (TCP/IP, HTTP, DNS, TLS) and security technologies (firewalls, IDS/IPS, cryptography, IAM).
- Hands-on experience with AWS and GCP security services; Azure familiarity a plus.
- Demonstrated ability to automate detection, response, and remediation workflows.
- Excellent problem-solving, analytical, and communication skills with the ability to influence technical and executive stakeholders.