Principal
Lead Info Security Engineer
Role: Lead Info Security Engineer
Job type: FULL_TIME
Posted: 2 days ago

Job description
Responsibilities

Are you ready to make a significant impact in the world of information security? Principal is seeking a Lead Info Security Engineer to join our outstanding team in Hyderabad, Telangana, India. This is an outstanding opportunity to work with world-class professionals and contribute to the security of Principal's innovative applications, both on-premises and in the cloud.

Key Responsibilities

- Perform manual security penetration testing of web applications and APIs hosted on-premises and in cloud environments using AWS services such as S3, EC2, Lambda, API Gateway, and SNS.
- Perform security testing of thick client/desktop applications by applying reverse-engineering techniques and tools such as Echo Mirage, IDA Pro, CFF Explorer, dnSpy, Microsoft Sysinternals, Wireshark, dotPeek, and Ghidra.
- Assess and triage Vulnerability Disclosure Program (VDP) and Bug Bounty reports, including technical validation, impact assessment, severity evaluation, and fair assessment of external security researcher submissions.
- Apply CVSS scoring mechanisms to determine risk levels of identified vulnerabilities.
- Innovatively exploit vulnerabilities in applications and generate impactful Proofs of Concept (POCs) to guide app development teams in remediation efforts.
- Document findings and updates thoroughly, providing superb communication and report writing skills.
- Mentor and guide peers and junior team members, encouraging a collaborative and learning-focused environment.

Technical Qualifications

- 7-9 years of practical experience in security testing of web applications, web APIs, thick client apps, mobile apps, and AWS services, preferably within the finance domain.
- Expertise in using Web/API testing tools such as Burp Suite, Postman, and OWASP ZAP, and advanced security testing tools on Kali.
- In-depth knowledge of common web application security vulnerabilities (OWASP Top Ten, SANS Top 25) and programming patterns leading to them, along with remediation techniques.
- AWS Cloud Practitioner or other cloud certifications are advantageous.
- Security-related certifications like C|EH, CPENT are a plus.

Plus/Good to Have

- Experience in assessing the security of AI applications.
- Familiarity with serverless architectures and microservices on AWS.

We are looking for someone who can work independently as well as collaboratively within a team. Your ability to think creatively and out-of-the-box to identify new techniques for exploiting vulnerabilities is crucial to our success! Join us at Principal and play a pivotal role in securing our applications while working with a team that values your expertise and encourages your growth.

Working Hours

4:30 PM – 1:30 AM IST to provide support to the US and LatAm collaborators.

If you are passionate about information security and looking to make an impact in a collaborative and high-reaching environment, Principal is the place for you!

Qualifications

Education: Bachelor’s degree in Engineering or a related field, or equivalent experience.

Additional Information

Our Engineering Culture

Through our product-driven Agile/Lean DevOps environment, we’ve fostered a culture of innovation and experimentation across our development teams. As a customer-focused organization, we work closely with our end users and product owners to understand and rapidly respond to emerging business needs. Collaboration is embedded into everything we do – from the products we develop to the quality service we provide. We’re driven by the belief that diversity of thought, background, and perspective is critical to creating the best products and experiences for our customers.

Experience Principal

At Principal, we value connecting on both a personal and professional level. Together, we’re imagining a more purpose-led future for financial services – and that starts with you. Our success depends on the unique experiences, backgrounds, and talents of our employees.
And we support our employees the same way we support our customers: with comprehensive, competitive benefit offerings crafted to protect their physical, financial, and social well-being. Check out our careers site to learn more about our purpose, values and benefits.

Principal is an Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.