Software Principal Engineer

Responsibilities

• Own the lifecycle of security issues reported by customers and automated scans
• Analyze incoming reports to determine severity, exploitability, and business impact
• Design and implement high-quality, performant fixes within a complex Java backend environment
• Act as a consultant to product teams to ensure "Security by Design" is integrated into the development lifecycle
• Conduct deep-dive architectural reviews and threat modeling to identify potential weaknesses
• Direct the strategy for maintaining or migrating legacy cryptographic implementations to ensure FIPS 140-2/3 compliance

Requirements

• 8–10 years of experience in Backend Engineering (Java) or Security Research
• Deep expertise in Java (Core and Enterprise) and frameworks like Spring Boot and Hibernate
• Hands-on experience with PKI architecture, including integration between CAs, RAs, and the Java application layer
• Strong understanding of the OWASP Top 10 and common attack vectors
• Experience with SAST, DAST, and SCA tools (e.g., Nessus, Veracode, or Burp Suite)
• Familiarity with securing cloud-native applications (AWS/Azure/GCP) and containerized environments (Docker/Kubernetes)

Preferred Qualifications

• Relevant security certifications such as CISSP, CSSLP, OSCP, or GWEB

About the Company

RSA provides trusted identity and access management for 12,000 organizations around the world, managing 25 million enterprise identities. RSA specializes in empowering security-first organizations in financial services, healthcare, energy, and technology to thrive in a digital world through modern authentication, access, and identity governance.