Principal Security Engineer

Principal Security Engineer - India - Cybersecurity Engineering:

The Principal Security Engineer is ahands-on role that blends cloud security engineering with security operationsand threat intelligence. This position plays an integral role in protecting CornerstoneOnDemand from internal and external threats, partnering closely withtechnology, product, and operations teams to define and enforce security bestpractices, automate controls, assess risks, and proactively detect,investigate, and respond to threats across the enterprise.

In this role you will..

• Lead security operations functions including detection engineering, monitoring, incident response, and threat hunting across cloud and enterprise environments.
• Analyze and improve Cornerstone's security architecture.
• Evaluate, select and implement new security tools and practices.
• Develop and deploy automated security controls leveraging the security toolchain to detect, prevent, and remediate threats.
• Contribute to open-source threat intelligence initiatives.
• Conduct threat modeling, vulnerability assessments, penetration testing, and red/purple team exercises to uncover and remediate risks.
• Drive threat intelligence initiatives by ingesting and correlating intel feeds, monitoring dark web sources, and leveraging external attack surface monitoring and security rating services (e.g., Security Scorecard, BitSight).
• Proactively hunt for malicious or anomalous activity in EDR, SIEM, and cloud telemetry to identify evolving attacker tactics, techniques, and procedures (TTPs).
• Coordinate and lead investigations into security incidents, collaborating with SOC, IT, DevOps, and product teams to ensure timely response and recovery.
• Perform security architecture and design reviews with engineering teams to integrate security standards into development and deployment lifecycles.
• Provide security recommendations for cloud infrastructure, enterprise IT, and SaaS services, defining and enforcing policies and standards.
• Stay current on adversary trends, industry threat reports, and emerging attack vectors to continually improve detection and prevention capabilities.
• Provide hands-on support across a wide range ofsecurity technologies, including EDR, SIEM, IDS/IPS, vulnerability managementtools, container/Kubernetes security, and automation frameworks.

• A degree in Cybersecurity, Information Security, Computer Science, or a related technical field, or equivalent work experience.
• Industry recognized certifications are a plus. Certifications may include CISSP, CISM, CEH, CompTIA Security+, certifications issued by the SANS Institute, public cloud providers (AWS, GCP) etc.
• 7+ years of experience in security engineering, operations, and/or threat intelligence.
• Strong understanding of incident response, SOC operations, detection engineering, and cyber kill chain/ATT&CK framework.
• Proven experience with EDR platforms (e.g., CrowdStrike, SentinelOne, Carbon Black), SIEM solutions (Splunk, ELK, Chronicle), and cloud-native monitoring tools.
• Experience with dark web monitoring, external attack surface management (ASM), and third-party risk/security rating platforms.
• Deep knowledge of vulnerability management platforms (e.g., Qualys, Tenable, Rapid7) and risk-based prioritization approaches.
• Strong background in networking concepts and protocols (TCP/IP, HTTP, DNS, TLS) and security technologies (firewalls, IDS/IPS, cryptography, IAM).
• Hands-on experience with AWS and GCP security services; Azure familiarity a plus.
• Demonstrated ability to automate detection, response, and remediation workflows.
• Excellent problem-solving, analytical, and communication skills with the ability to influence technical and executive stakeholders.