Principal Java Developer II - Security - Elasticsearch

What is The Role:

Elasticsearch powers search, observability, and AI retrieval (RAG) for the world's largest organizations. We are seeking a Principal Software Engineer II to lead the architecture and implementation of Elasticsearch’s core authentication, authorization and tenant-isolation primitives. You will partner with leaders across Elastic to deliver end-to-end security guarantees, ensuring our distributed data stores provide best-in-class security and identity management features at scale!

What You Will Be Doing:

Lead Critical Initiatives: Take ownership of and drive complex, multi-functional security initiatives from conception to delivery. You will be responsible for defining technical strategy, roadmaps, and execution for major security architectural components within Elasticsearch, such as:

• Developing the foundational security models for intricate features.
• Optimizing security performance at massive scale within distributed systems environments.
• Applying cryptographic solutions to address genuine customer use cases.
• Ensuring robust data isolation within shared infrastructure supporting disparate customers.

Technical Mentorship: Drive technical excellence and develop a culture of security awareness and high-performance engineering across the team, guiding senior engineers in development practices. Technical Leadership: Act as a principal voice in architectural and design discussions, guiding the security posture and development practices of Elasticsearch and the Elastic Stack, and driving long-term security strategy within the team and across the organization.

• Translate customer needs into a clear, relevant technical vision.
• Monitor and apply industry advancements and best practices in security areas, including authentication, identity management, cryptography, and data access management.
• Collaborate with peers across the company to embed security into new customer features from the outset.

What You Bring:

• Expert Core Java and Concurrency: Deep expertise in Java internals, JVM memory management, and writing high-performance, lock-free, and thread-safe code in large OSS codebases.
• Authorization at Scale: Proven experience building scalable AuthZ systems, including RBAC/ABAC models, token validation, permission compilation, and cache invalidation strategies in distributed databases.
• Distributed Systems Fundamentals: A strong understanding of distributed systems security, including node-to-node trust, secure transport, and partition tolerance.
• Vision & Roadmap: Collaborate with engineering and product leadership to define the technical vision and roadmap for authorization and data isolation features within the Elasticsearch security domain, translating high-level business goals into concrete,...
• IAM & Cloud Security: Deep knowledge of edge identity protocols (OAuth 2.0, SAML).
• Cross-Team Teamwork: Act as the primary technical point of contact for security features,...

Bonus Points:

• Applied Cryptography: Deep understanding of cipher suites,...
• Compliance Frameworks: Hands-on experience mapping technical controls to FedRAMP (Moderate/High), FIPS,...
• Data Store Internals: Experience working on internals of a data store or search engine.

Additional Information - We Take Care of Our People:

As a distributed company,... We strive to have parity of benefits across regions:... Elastic is an equal opportunity employer committed to an inclusive culture celebrating different perspectives. For accommodation requests during application or recruiting process: candidate_accessibility@elastic.co

Compensation:

Base salary range: $192500—$304500 CAD (typical starting range) Additional benefits include participation in Elastic's stock program... This is a posting for an existing vacancy actively seeking qualified candidates. Apply Now (R11103)