Principal Java Engineer II - Security - Elasticsearch

We are seeking a Principal Java Engineer II to lead the architecture and implementation of Elasticsearch's core authentication, authorization, and tenant-isolation primitives. As a key member of our team, you will be responsible for defining technical strategy, roadmaps, and execution for major security architectural components within Elasticsearch.

Key Responsibilities:

• Lead critical initiatives from conception to delivery, defining technical strategy, roadmaps, and execution for major security architectural components within Elasticsearch.
• Develop foundational security models for intricate features, optimizing security performance at massive scale within distributed systems environments.
• Apply cryptographic solutions to address genuine customer use cases, ensuring robust data isolation within shared infrastructure supporting disparate customers.
• Drive technical excellence and develop a culture of security awareness and high-performance engineering across the team, guiding senior engineers in development practices.
• Act as a principal voice in architectural and design discussions, guiding the security posture and development practices of Elasticsearch and the Elastic Stack, and driving long-term security strategy within the team and across the organization.

Requirements:

• Expert Core Java and Concurrency: Deep expertise in Java internals, JVM memory management, and writing high-performance, lock-free, and thread-safe code in large OSS codebases.
• Authorization at Scale: Proven experience building scalable AuthZ systems, including RBAC/ABAC models, token validation, permission compilation, and cache invalidation strategies in distributed databases.
• Distributed Systems Fundamentals: A strong understanding of distributed systems security, including node-to-node trust, secure transport, and partition tolerance.
• Vision & Roadmap: Collaborate with engineering and product leadership to define the technical vision and roadmap for authorization and data isolation features within the Elasticsearch security domain, translating high-level business goals into concrete, shippable architecture.
• IAM & Cloud Security: Deep knowledge of edge identity protocols (OAuth 2.0, SAML).
• Cross-Team Teamwork: Act as the primary technical point of contact for security features, driving alignment and integration with search, AI, cloud, and operations teams to ensure consistent security posture across the Elastic Stack.

Bonus Points:

• Applied Cryptography: Deep understanding of cipher suites, TLS handshakes, certificate management, and integrating crypto primitives without introducing latency.
• Compliance Frameworks: Hands-on experience mapping technical controls to FedRAMP (Moderate/High), FIPS, and SOC 2 standards.
• Data Store Internals: Experience working on the internals of a data store or search engine.

Compensation for this role is in the form of base salary. This role does not have a variable compensation component. The typical starting salary range for new hires in this role is $199,700-$315,900 USD. In select locations (including Seattle WA, Los Angeles CA, the San Francisco Bay Area CA, and the New York City Metro Area), an alternate range may apply as specified below. These ranges represent the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the ranges may be modified in the future. An employee's position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs.