Software Principal Engineer

Posted 6 Days Ago
Bangalore, Bengaluru Urban, Karnataka, IND
In-Office
Senior level
Security
The Role
The Principal Security Engineer will manage security vulnerabilities, analyze threats, mentor teams, and ensure security integration in development, with hands-on remediation in a Java environment.
Summary Generated by Built In


RSA provides trusted identity and access management for 12,000 organizations around the world, managing 25 million enterprise identities and providing secure, convenient access to millions of users. RSA specializes in empowering security-first organizations in financial services, healthcare, energy, technology services, and other industries to thrive in a digital world, delivering complete capabilities for modern authentication, access, lifecycle management, and identity governance. Whether in the cloud or on-premises, RSA connects people with the digital resources they depend on everywhere they live, work, and play.


For decades, RSA has pioneered many of the encryption, authentication, and identity federation technologies that still power the internet. And now RSA is transforming the industry yet again, paving the way for the future of digital identity through the RSA Unified Identity Platform; next-generation hybrid and cloud solutions; the first ever and only multi-functional, passwordless hardware authenticator; and a frictionless, mobile-optimized experience for the modern workforce. If you are self-motivated and looking for a fast-paced challenge doing something that truly matters, come join our winning team!  For more information, go to rsa.com.

About the Role:

As a Principal Security Engineer, you will serve as the technical authority for our product’s security posture. This is a high-impact role that bridges the gap between customer trust and backend engineering. You won’t just be "checking boxes" - you will be diving deep into the Java ecosystem to triage complex vulnerabilities, architecting fixes for critical flaws, and distinguishing genuine threats from false positives.


Key Responsibilities:

  • Vulnerability Management: Own the lifecycle of security issues reported by customers and automated scans.
  • Triage & Analysis: Expertly analyze incoming reports to determine severity, exploitability, and business impact. You will be the final word on "False Positives."
  • Hands-on Remediation: Design and implement high-quality, performant fixes within a complex Java backend environment.
  • Security Mentorship: Act as a consultant to product teams, ensuring "Security by Design" is integrated into the development lifecycle.
  • Threat Modeling: Conduct deep-dive architectural reviews to identify potential weaknesses before they reach production.
  • Direct the strategy for maintaining or migrating legacy cryptographic implementations, specifically utilizing RSA BSAFE (Crypto-J / SSL-J) to ensure FIPS 140-2/3 compliance.


Required Technical Expertise:

  • The Java Specialist: Deep expertise in Java (Core and Enterprise) and common frameworks (Spring Boot, Hibernate). You should be able to read and debug complex code.
  • PKI Architecture: Hands-on skills in the design and maintenance of Public Key Infrastructure, including integration between Certificate Authorities (CAs), Registration Authorities (RAs), and the Java application layer.
  • Security Native: Strong understanding of the OWASP Top 10 and common attack vectors (XSS, SQLi, CSRF, SSRF, Deserialization flaws).
  • The Tooling: Experience with SAST, DAST, and SCA tools (e.g., Nessus, Veracode, or Burp Suite).
  • Cloud & Infrastructure: Familiarity with securing cloud-native applications (AWS/Azure/GCP) and containerized environments (Docker/Kubernetes).


Qualifications

  • 8–10 years of experience in Backend Engineering in Java and/or Security Research.
  • Proven track record of fixing vulnerabilities in a large-scale Java production environment.
  • Relevant certifications (CISSP, CSSLP, OSCP, or GWEB) are a significant plus but not a substitute for hands-on experience.


RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.


If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at [email protected]. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.



The Company
Bedford, MA
2,824 Employees

What We Do

More than 13,000 organizations globally – including more than 90 percent of the Fortune 500 – rely on RSA technology to address the challenges of security, risk management and fraud prevention in the digital era. Our market-leading solutions are uniquely designed to help organizations thrive and continuously adapt to transformational change.
