Software Principal Engineer at RSA Security
Bengaluru, Karnataka, India
Full Time


Start Date

Immediate

Expiry Date

09 Aug, 26

Salary

0.0

Posted On

11 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Java, Spring Boot, Hibernate, PKI Architecture, OWASP Top 10, SAST, DAST, SCA, AWS, Azure, GCP, Docker, Kubernetes, Vulnerability Management, Threat Modeling, Cryptography

Industry

Computer and Network Security

Description
About the Role

As a Principal Security Engineer, you will serve as the technical authority for our product's security posture. This is a high-impact role that bridges the gap between customer trust and backend engineering. You won't just be "checking boxes": you will be diving deep into the Java ecosystem to triage complex vulnerabilities, architecting fixes for critical flaws, and distinguishing genuine threats from false positives.

Key Responsibilities

Vulnerability Management: Own the lifecycle of security issues reported by customers and by automated scans.
Triage & Analysis: Expertly analyze incoming reports to determine severity, exploitability, and business impact. You will be the final word on "false positives."
Hands-on Remediation: Design and implement high-quality, performant fixes within a complex Java backend environment.
Security Mentorship: Act as a consultant to product teams, ensuring "Security by Design" is integrated into the development lifecycle.
Threat Modeling: Conduct deep-dive architectural reviews to identify potential weaknesses before they reach production.
Cryptography Strategy: Direct the strategy for maintaining or migrating legacy cryptographic implementations, specifically using RSA BSAFE (Crypto-J / SSL-J), to ensure FIPS 140-2/3 compliance.

Required Technical Expertise

The Java Specialist: Deep expertise in Java (Core and Enterprise) and common frameworks (Spring Boot, Hibernate). You should be able to read and debug complex code.
PKI Architecture: Hands-on skills in the design and maintenance of Public Key Infrastructure, including integration between Certificate Authorities (CAs), Registration Authorities (RAs), and the Java application layer.
Security Native: Strong understanding of the OWASP Top 10 and common attack vectors (XSS, SQLi, CSRF, SSRF, deserialization flaws).
The Tooling: Experience with SAST, DAST, and SCA tools (e.g., Nessus, Veracode, or Burp Suite).
Cloud & Infrastructure: Familiarity with securing cloud-native applications (AWS/Azure/GCP) and containerized environments (Docker/Kubernetes).

Qualifications

8–10 years of experience in Backend Engineering in Java and/or Security Research.
Proven track record of fixing vulnerabilities in a large-scale Java production environment.
Relevant certifications (CISSP, CSSLP, OSCP, or GWEB) are a significant plus but not a substitute for hands-on experience.

RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law. If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at rsa.global.talent.acquisition@rsa.com. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.
Responsibilities
Serve as the technical authority for the product's security posture by triaging complex vulnerabilities and architecting fixes in a Java backend. Lead threat modeling, security mentorship, and the strategy for FIPS-compliant cryptographic implementations.