Software Principal Engineer

RSA Career


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 19 hours ago
Vacancies: 1 Vacancy

Job Summary

About the Role:

As a Principal Security Engineer, you will serve as the technical authority for our product's security posture. This is a high-impact role that bridges the gap between customer trust and backend engineering. You won't just be checking boxes - you will be diving deep into the Java ecosystem to triage complex vulnerabilities, architecting fixes for critical flaws, and distinguishing genuine threats from false positives.


Key Responsibilities:

  • Vulnerability Management: Own the lifecycle of security issues reported by customers and automated scans.
  • Triage & Analysis: Expertly analyze incoming reports to determine severity, exploitability, and business impact. You will be the final word on False Positives.
  • Hands-on Remediation: Design and implement high-quality, performant fixes within a complex Java backend environment.
  • Security Mentorship: Act as a consultant to product teams, ensuring Security by Design is integrated into the development lifecycle.
  • Threat Modeling: Conduct deep-dive architectural reviews to identify potential weaknesses before they reach production.
  • Direct the strategy for maintaining or migrating legacy cryptographic implementations, specifically utilizing RSA BSAFE (Crypto-J / SSL-J), to ensure FIPS 140-2/3 compliance.


Required Technical Expertise:

  • The Java Specialist: Deep expertise in Java (Core and Enterprise) and common frameworks (Spring Boot, Hibernate). You should be able to read and debug complex code.
  • PKI Architecture: Hands-on skills in the design and maintenance of Public Key Infrastructure, including integration between Certificate Authorities (CAs), Registration Authorities (RAs), and the Java application layer.
  • Security Native: Strong understanding of the OWASP Top 10 and common attack vectors (XSS, SQLi, CSRF, SSRF, Deserialization flaws).
  • The Tooling: Experience with SAST, DAST, and SCA tools (e.g. Nessus, Veracode, or Burp Suite).
  • Cloud & Infrastructure: Familiarity with securing cloud-native applications (AWS/Azure/GCP) and containerized environments (Docker/Kubernetes).


Qualifications

  • 8-10 years of experience in Backend Engineering in Java and/or Security Research.
  • Proven track record of fixing vulnerabilities in a large-scale Java production environment.
  • Relevant certifications (CISSP, CSSLP, OSCP, or GWEB) are a significant plus but not a substitute for hands-on experience.


RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.


If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at . RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.



Required Experience:

Staff IC


About Company


RSA provides identity intelligence, authentication, access & governance solutions, defending the world’s most secure organizations against cybersecurity risks.
