principal
Consultant - Info Security Engineer
Company
Role
Consultant - Info Security Engineer
Location
Job type
FULL_TIME
Posted
2 days ago
Salary
Job description
Responsibilities

This is an outstanding opportunity to join Principal as a Consultant - Info Security Engineer. You will conduct security penetration testing on Principal applications deployed both on-premises and in cloud environments. This role is vital to ensuring our systems remain secure and function flawlessly.

Key Responsibilities

Perform manual security penetration assessments of internet-facing software and APIs maintained in both on-premises infrastructure and cloud environments using AWS services including S3 buckets, EC2 instances, Lambda functions, API Gateway, SNS, and others.
Conduct security testing on thick client/desktop applications using tools like Echo Mirage, IDA Pro, CFF Explorer, dnSpy, Microsoft Sysinternals, Wireshark, dotPeek, and Ghidra.
Prioritize Vulnerability Disclosure Program (VDP) and Bug Bounty reports, including detailed technical validation, consistent assessment of impact and severity, and fair evaluation of external security researcher submissions.
Use the CVSS scoring mechanism to assess the risk levels of identified vulnerabilities.
Innovatively identify techniques to exploit vulnerabilities in applications and generate impactful proof-of-concepts (POCs).
Communicate and document findings effectively, providing remediation mentorship to app-dev teams.
Provide mentorship and support to peers and junior team members in vulnerability assessment techniques.

Technical Qualifications

8-10 years of direct experience assessing the security of web applications, web APIs, thick client apps, mobile apps, and AWS services, preferably within the finance sector.
Experience with web/API testing tools such as Burp Suite, Postman, OWASP ZAP, and advanced security testing tools on Kali Linux.
Sound knowledge of common web application security vulnerabilities (OWASP Top Ten, SANS Top 25, etc.) and programming patterns leading to them, as well as remediation techniques.
AWS Cloud Practitioner Certification or other cloud certifications are beneficial.
Security-related certifications such as C|EH, CPENT, etc., are a plus.

Plus/Good to Have

Experience in conducting security assessments of AI applications.
Experience with serverless architectures and microservices on AWS.

Working Hours

4:30 PM – 1:30 AM IST to provide support to the US and LATAM collaborators.

If you are passionate about information security and looking to make an impact in a collaborative and high-reaching environment, Principal is the place for you!

Qualifications

Education: Bachelor’s degree in Engineering or a related field, or equivalent experience.

Additional Information

Our Engineering Culture

Through our Agile/Lean DevOps environment centered on delivering quality solutions, we’ve fostered a culture of innovation and experimentation across our development teams. As a customer-focused organization, we work closely with our end users and product owners to understand and rapidly respond to emerging business needs. Collaboration is embedded into everything we do – from the products we develop to the quality service we provide. We’re driven by the belief that diversity of thought, background, and perspective is critical to crafting the best products and experiences for our customers.

Experience Principal

At Principal, we value connecting on both a personal and professional level. Together, we’re imagining a more purpose-led future for financial services – and that starts with you. Our success depends on the outstanding experiences, backgrounds, and talents of our employees. And we support our employees the same way we support our customers: with comprehensive, competitive benefit offerings crafted to protect their physical, financial, and social well-being. Check out our careers site to learn more about our purpose, values and benefits.
Principal is an Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.