Principal Cyber Security Engineer

About Us HighRadius, a renowned provider of cloud-based Autonomous Software for the Office of the CFO, has transformed critical financial processes for over 800+ leading companies worldwide. Trusted by prestigious organizations like 3M, Unilever, Anheuser-Busch InBev, Sanofi, Kellogg Company, Danone, Hershey's, and many others, HighRadius optimizes order-to-cash, treasury, and record-to-report processes, earning us back-to-back recognition in Gartner's Magic Quadrant and a prestigious spot in Forbes Cloud 100 List for three consecutive years. With a remarkable valuation of $3.1B and an impressive annual recurring revenue exceeding $100M, we experience a robust year-over-year growth of 24%. With a global presence spanning 8+ locations and a recent addition in Poland, we're in the pre-IPO stage, poised for rapid growth. We invite passionate and diverse individuals to join us on this exciting path to becoming a publicly traded company and shape our promising future. Job Title: Sr. Principal Security Engineer Team: Product Security / Offensive Security Job Summary: We are seeking a highly experienced and technically proficient Sr. Principal Security Engineer to lead the offensive security efforts for our applications and platforms. This role is a hands-on, individual contributor position focused on proactive threat emulation, vulnerability research, and full-scope red team operations. You will be responsible for identifying and exploiting complex vulnerabilities across our web applications, APIs, and cloud infrastructure, while simultaneously acting as the top-tier subject matter expert to mentor developers and integrate advanced security controls into the CI/CD pipeline. Responsibilities: Adversary Simulation & Red Team Operations: Plan and execute sophisticated red team operations and adversary emulation exercises to test the resilience of our applications, infrastructure, and defensive capabilities. Advanced Penetration Testing: Conduct comprehensive, manual penetration tests and vulnerability assessments, with a focus on discovering business logic flaws and zero-day vulnerabilities in web applications, APIs, and microservices. Secure Development Lifecycle: Embed security into the SDLC by performing in-depth code reviews, leading threat modeling workshops (e.g., using STRIDE or PASTA), and providing technical guidance to development teams on remediation of OWASP Top 10 and other critical security issues. Security Tooling & Automation: Evaluate, integrate, and manage advanced security testing tools (e.g., Burp Suite Enterprise, SAST, DAST, and SCA ) into the CI/CD pipeline to automate security checks and maintain continuous security posture. Vulnerability Research: Stay current with the latest exploits, attack vectors, and security research. Develop custom exploits and scripts using languages like Python or Go to simulate real-world attacks. Required Qualifications: Experience: 7-10+ years of progressive experience in cybersecurity, with at least 3 years in a dedicated offensive security, red team, or advanced penetration testing role. Demonstrated experience with a wide range of attack methodologies and a proven track record of discovering and exploiting complex vulnerabilities. Technical Expertise: Expert-level proficiency with manual penetration testing tools, including Burp Suite Professional, Metasploit, and Cobalt Strike . Strong practical knowledge of exploit development, reverse engineering, and hands-on experience with at least one scripting language (Python, Go, JavaScript, or Bash ). In-depth understanding of web application vulnerabilities, including the OWASP Top 10, CWE, and CVE databases . Experience securing cloud environments (AWS, Azure, GCP ) and working with containerization technologies (Docker, Kubernetes ). Familiarity with both dynamic and static application security testing (DAST and SAST) methodologies. Soft Skills & Education: Exceptional problem-solving, analytical, and critical-thinking skills. Excellent communication and mentoring skills, with the ability to explain complex technical vulnerabilities to both technical and non-technical audiences. Certifications (Highly Desired): Offensive Security Certified Professional (OSCP) Offensive Security Certified Expert 3 (OSCE3) GIAC Penetration Tester (GPEN) or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2) CISSP