Elastic is hiring an

Elasticsearch - Principal Java Engineer - Security

Rimini, Italy

We're looking for a Principal Java Engineer to join the Elasticsearch - Security team, focusing on making Elasticsearch more secure for our user community.  This is a principal software engineering role that covers the design and implementation of new features, enhancements to existing features, and resolving bugs. We design and write code (including automated tests) and documentation. We review one another’s code via GitHub pull requests, and we investigate and fix bugs. We do all of this transparently on GitHub.

The Elasticsearch Security team is responsible for a range of security features, including Identity and Access management, Auditing, TLS and Certificate Management, and Cryptography. We’re the team that builds the sorts of things that show up under a “Security” heading on a product feature list. Here’s exactly that list for the Elastic Stack. This role will provide opportunities to learn more about each of these areas of security, and to influence how these features are used within Elastic's Cloud, and our enterprise search, observability, and security solutions.

Elasticsearch is a distributed application written in Java, dedicated to performance and scalability. We’re looking for Senior Java engineers who are able to design new product features while thinking through the concurrency and performance implications of those designs.

What You Will Be Doing:

  • Working in a hands-on capacity on a successful, high profile Java project used throughout the world for multiple use cases
  • Applying your experience in software development to design and build new security features in Elasticsearch, that strike a balance between usability, performance and security trade-offs,
  • Evolving the existing authentication and authorization features of Elasticsearch and the Elastic Stack.
  • Working with other teams across Elastic to build and expand the foundation of security for Elastic's products.
  • Prototyping new ideas and experimenting openly.
  • Collaborating in the open with the Elasticsearch team, Elastic Stack users, and others supporting open source projects.
  • Working with the community on bugs and performance issues and assisting support engineers with tougher customer issues.

What You Bring Along:

  • At least 8 years of experience in software engineering, preferably with a focus on server side Java development.
  • You are highly proficient in Java, conversant in the standard library of data structures and concurrency constructs.
  • Strong algorithm implementation and optimization skills.
  • Awareness of application security fundamentals, and an ability to think through security risks and trade-offs.
  • Experience designing, leading and owning cross-functional initiatives.

Bonus Points:

  • Experience in any of the following:
    • Authentication protocols such as SAML, OpenID Connect or LDAP
    • TLS and X.509 certificate management
    • Cryptography, including hashing and encryption.
  • You've worked in open source before and are familiar with different styles of source control workflow and continuous integration.
  • You've built things with Elasticsearch before, and understand how distributed systems operate and the limitations and advantages.