Consultant - Info Security Engineer
Principal Financial · Hyderabad, India · Engineering & Technology
About this role
Principal Financial is hiring a mid-level Security Analyst based in Hyderabad, India. The posting calls out experience with C, AWS, Serverless, Linux.
- Role: Security Analyst
- Function: security
- Level: mid
- Track: Individual contributor
- Location: Hyderabad, India
- Department: Engineering & Technology
- Posted: Apr 7, 2026
Job description
From Principal Financial careers
Responsibilities
This is an outstanding opportunity to join Principal as a Consultant - Info Security Engineer. You will conduct security penetration testing on Principal applications deployed both on-premises and in cloud environments. This role is vital to ensuring our systems remain secure and function flawlessly.
Key Responsibilities
- Perform manual security penetration assessments of internet-facing software and APIs maintained in both on-premises infrastructure and cloud environments using AWS services including S3 buckets, EC2 instances, Lambda functions, API Gateway, SNS, and others.
- Conduct security testing on thick client/desktop applications using tools like Echo Mirage, IDA Pro, CFF Explorer, dnSpy, MS Sysinternals, Wireshark, dotPeek, Ghidra.
- Prioritize Vulnerability Disclosure Program (VDP) and Bug Bounty reports, including detailed technical validation, consistent assessment of impact and severity, and fair evaluation of external security researcher submissions.
- Use the CVSS scoring mechanism to assess the risk levels of identified vulnerabilities.
- Innovatively identify techniques to exploit vulnerabilities in applications and generate impactful proof-of-concepts (POCs).
- Communicate and document findings effectively, providing remediation mentorship to app-dev teams.
- Provide mentorship and support to peers and junior team members in vulnerability assessment techniques.
Technical Qualifications
- 8-10 years of direct experience assessing the security of web applications, web APIs, thick client apps, mobile apps, and AWS…