Principal Cyber Security Engineer

About Us

HighRadius, a renowned provider of cloud-based Autonomous Software for the Office of the CFO, has transformed critical financial processes for over 800+ leading companies worldwide. Trusted by prestigious organizations like 3M, Unilever, Anheuser-Busch InBev, Sanofi, Kellogg Company, Danone, Hershey's, and many others, HighRadius optimizes order-to-cash, treasury, and record-to-report processes, earning us back-to-back recognition in Gartner's Magic Quadrant and a prestigious spot in Forbes Cloud 100 List for three consecutive years.

With a remarkable valuation of $3.1B and an impressive annual recurring revenue exceeding $100M, we experience a robust year-over-year growth of 24%. With a global presence spanning 8+ locations and a recent addition in Poland, we're in the pre-IPO stage, poised for rapid growth. We invite passionate and diverse individuals to join us on this exciting path to becoming a publicly traded company and shape our promising future.

Job Title: Sr. Principal Security Engineer

Team: Product Security / Offensive Security

Job Summary:

We are seeking a highly experienced and technically proficient Sr. Principal Security Engineer to lead the offensive security efforts for our applications and platforms. This role is a hands-on, individual contributor position focused on proactive threat emulation, vulnerability research, and full-scope red team operations. You will be responsible for identifying and exploiting complex vulnerabilities across our web applications, APIs, and cloud infrastructure, while simultaneously acting as the top-tier subject matter expert to mentor developers and integrate advanced security controls into the CI/CD pipeline.

Responsibilities:

• Adversary Simulation & Red Team Operations: Plan and execute sophisticated red team operations and adversary emulation exercises to test the resilience of our applications, infrastructure, and defensive capabilities.

• Advanced Penetration Testing: Conduct comprehensive, manual penetration tests and vulnerability assessments, with a focus on discovering business logic flaws and zero-day vulnerabilities in web applications, APIs, and microservices.

• Secure Development Lifecycle: Embed security into the SDLC by performing in-depth code reviews, leading threat modeling workshops (e.g., using STRIDE or PASTA), and providing technical guidance to development teams on remediation of OWASP Top 10 and other critical security issues.

• Security Tooling & Automation: Evaluate, integrate, and manage advanced security testing tools (e.g., Burp Suite Enterprise, SAST, DAST, and SCA) into the CI/CD pipeline to automate security checks and maintain continuous security posture.

• Vulnerability Research: Stay current with the latest exploits, attack vectors, and security research. Develop custom exploits and scripts using languages like Python or Go to simulate real-world attacks.

Required Qualifications:

• Experience:

• 7-10+ years of progressive experience in cybersecurity, with at least 3 years in a dedicated offensive security, red team, or advanced penetration testing role.

• Demonstrated experience with a wide range of attack methodologies and a proven track record of discovering and exploiting complex vulnerabilities.

• Technical Expertise:

• Expert-level proficiency with manual penetration testing tools, including Burp Suite Professional, Metasploit, and Cobalt Strike.

• Strong practical knowledge of exploit development, reverse engineering, and hands-on experience with at least one scripting language (Python, Go, JavaScript, or Bash).

• In-depth understanding of web application vulnerabilities, including the OWASP Top 10, CWE, and CVE databases.

• Experience securing cloud environments (AWS, Azure, GCP) and working with containerization technologies (Docker, Kubernetes).

• Familiarity with both dynamic and static application security testing (DAST and SAST) methodologies.

• Soft Skills & Education:

• Exceptional problem-solving, analytical, and critical-thinking skills.

• Excellent communication and mentoring skills, with the ability to explain complex technical vulnerabilities to both technical and non-technical audiences.

Certifications (Highly Desired):

• Offensive Security Certified Professional (OSCP)

• Offensive Security Certified Expert 3 (OSCE3)

• GIAC Penetration Tester (GPEN) or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

• eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)

• CISSP