Principal Security Engineer

About HighspotHighspot is a software product development company and a recognized global leader in the sales enablement category, leveraging cutting-edge AI and GenAI technologies at the core of its robust Software-as-a-Service (SaaS) platform. Highspot is revolutionizing how millions of individuals work worldwide. Through its AI-powered platform, Highspot drives enterprise transformation to empower sales teams through intelligent content management, training, contextual guidance, customer engagement, meeting intelligence, and actionable analytics. The Highspot platform delivers advanced features tailored to business needs, in a modern design that sales and marketing executives appreciate and is the #1 rated sales enablement platform on G2 Crowd.
While headquartered in Seattle, Highspot has expanded its footprint across America, Canada, the UK, Germany, Australia, and now India, solidifying its presence in the Asia Pacific markets.
About the RoleWe’re building a world-class global Security team as part of our Trust Program. We're seeking an experienced, adaptive and solutions-oriented Principal Security Engineer to join our expanding global Security Team at Highspot Hyderabad.  As our engineering presence scales globally, we’re expanding our security footprint in our India Engineering hub to strengthen our 24/7 security coverage and deepen our ability to meet the evolving needs of our customers and product teams worldwide. You will help shape the operational direction of our security efforts in India. In this senior-level, cross-functional role, you'll contribute to both strategic direction and execution across multiple security domains- including application security, infrastructure scanning, security operations, and incident response. Your responsibilities include leading critical security initiatives, building partnerships with and mentor peers and leaders to foster a collaborative security-centered culture, drive proactive product security improvements and reviews, conducting advanced penetration tests, managing complex security incidents, and continuously enhancing our detection and response capabilities. Collaborate across regions and functions by partnering with security, IT, product engineering, and infrastructure teams globally including local and US-based colleagues to drive alignment, execution, and shared ownership of priorities. Your mentorship and technical expertise will directly influence the security posture of our product, our customers, and the broader organization. This role is integral to fostering an inclusive, collaborative, and globally-distributed security culture.

Responsibilities

• Lead comprehensive application security assessments, advanced threat modeling sessions, and secure code reviews across critical product features, internal tooling, endpoints, and third-party integrations.
• Collaborate strategically with product engineering to establish and enhance secure-by-default and privacy-by-design practices within the software development lifecycle (SDLC).
• Lead and otherwise participate in incident detection, investigation, triage, containment, and root cause analysis for high impact security incidents, providing mentorship and guidance to junior engineers as required. 
• Drive the development and continuous improvement of sophisticated detection rules, response automation, and optimized alert management across cloud environments, corporate infrastructure, and SaaS platforms.
• Lead and participate in complex vulnerability remediation processes, and effectively respond to security issues discovered by both internal teams and external sources.
• Document technical findings and  strategic decisions in a clear and accessible manner, and procedural enhancements; significantly contribute to comprehensive security playbooks and knowledge repositories.
• Manage and oversee asksecurity@ request handling, and actively participate in sprint-based security activities, balancing strategic and tactical execution.
• Actively participate in the security on-call rotation, or provide senior-level guidance as required during an event and aid in rapid response capabilities to protect our 24x7 platform and global workforce.

Required Qualifications

• 10+ years of robust, progressive experience in security engineering, application security, DevSecOps, incident detection and response, or closely related fields.
• Advanced proficiency in at least one programming language (Python, Ruby, Go, Rust, JavaScript), with deep experience conducting detailed code reviews and security assessments across multiple languages you may not have deep proficiency in.(Experience with  Clojure is a plus.)
• Hands-on experience with deploying, operating, and interpreting results from security tools such as static analyzers, web vulnerability scanners, supply chain analysis scanners, and host-based intrusion detection systems.
• Demonstrated experience mentoring, coaching and guiding junior and mid-level security engineers, contributing to a strong team culture, and supporting peer development as a senior individual contributor.
• Demonstrated proactive approach, strong continuous learning orientation, and curiosity about emerging threats, security trends, and innovative technologies.
• Extensive expertise securing cloud-native environments (AWS, Azure, GCP, containers, microservices), with in-depth knowledge of modern cloud security risks and defenses.
• Demonstrated ability to embrace being wrong, practice humility, continuously learn from experiences, and actively seek insights through thoughtful questioning and collaboration.
• Nice to have: exposure to  participating in security incidents, guiding penetration testing efforts, or operation of SIEM/SOAR platforms.

#LI-SG1
Equal Opportunity StatementWe are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of age, ancestry, citizenship, color, ethnicity, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or invisible disability status, political affiliation, veteran status, race, religion, or sexual orientation.
Did you read the requirements as a checklist and not tick every box? Don't rule yourself out! If this role resonates with you, hit the ‘apply’ button.