Principal Java Engineer II - Security - Elasticsearch

Elastic, the Search AI Company, enables everyone to find the answers they need in real time using all their data at scale. The Principal Java Engineer II will lead the architecture and implementation of Elasticsearch’s core security features, ensuring best-in-class security and identity management for distributed data stores.

Responsibilities:

• Lead Critical Initiatives: Take ownership of and drive complex, multi-functional security initiatives from conception to delivery. You will be responsible for defining technical strategy, roadmaps, and execution for major security architectural components within Elasticsearch, such as: Developing the foundational security models for intricate features. Optimizing security performance at massive scale within distributed systems environments. Applying cryptographic solutions to address genuine customer use cases. Ensuring robust data isolation within shared infrastructure supporting disparate customers
• Technical Mentorship: Drive technical excellence and develop a culture of security awareness and high-performance engineering across the team, guiding senior engineers in development practices
• Technical Leadership: Act as a principal voice in architectural and design discussions, guiding the security posture and development practices of Elasticsearch and the Elastic Stack, and driving long-term security strategy within the team and across the organization
• Translate customer needs into a clear, relevant technical vision
• Monitor and apply industry advancements and best practices in security areas, including authentication, identity management, cryptography, and data access management
• Collaborate with peers across the company to embed security into new customer features from the outset
• Security & Privacy Responsibilities: Take ownership of protecting the confidentiality, integrity, and availability of organizational data and systems by following applicable privacy and security policies, standards, and procedures. Ensure that all individual contributions follow Elastic’s Secure Software Development Framework (SSDF). Proactively participate in mandatory role-based training to ensure personal technical execution consistently aligns with the highest standards of data protection, data privacy, and system resilience

Requirements:

• Expert Core Java and Concurrency: Deep expertise in Java internals, JVM memory management, and writing high-performance, lock-free, and thread-safe code in large OSS codebases
• Authorization at Scale: Proven experience building scalable AuthZ systems, including RBAC/ABAC models, token validation, permission compilation, and cache invalidation strategies in distributed databases
• Distributed Systems Fundamentals: A strong understanding of distributed systems security, including node-to-node trust, secure transport, and partition tolerance
• Vision & Roadmap: Collaborate with engineering and product leadership to define the technical vision and roadmap for authorization and data isolation features within the Elasticsearch security domain, translating high-level business goals into concrete, shippable architecture
• IAM & Cloud Security: Deep knowledge of edge identity protocols (OAuth 2.0, SAML)
• Cross-Team Teamwork: Act as the primary technical point of contact for security features, driving alignment and integration with search, AI, cloud, and operations teams to ensure consistent security posture across the Elastic Stack
• Applied Cryptography: Deep understanding of cipher suites, TLS handshakes, certificate management, and integrating crypto primitives without introducing latency
• Compliance Frameworks: Hands-on experience mapping technical controls to FedRAMP (Moderate/High), FIPS, and SOC 2 standards
• Data Store Internals: Experience working on the internals of a data store or search engine