Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.
What Is The Role :
Elasticsearch powers search, observability, and AI retrieval (RAG) for the world's largest organizations. We are seeking a **Principal Software Engineer II **to lead the architecture and implementation of Elasticsearch’s core authentication, authorization and tenant-isolation primitives. You will partner with leaders across Elastic to deliver end-to-end security guarantees, ensuring our distributed data stores provide best-in-class security and identity management features at scale!
What You Will Be Doing :
Lead Critical Initiatives: Take ownership of and drive complex, multi-functional security initiatives from conception to delivery. You will be responsible for defining technical strategy, roadmaps, and execution for major security architectural components within Elasticsearch, such as:
- Developing the foundational security models for intricate features.
- Optimizing security performance at massive scale within distributed systems environments.
- Applying cryptographic solutions to address genuine customer use cases.
- Ensuring robust data isolation within shared infrastructure supporting disparate customers.
**Technical Mentorship: **Drive technical excellence and develop a culture of security awareness and high-performance engineering across the team, guiding senior engineers in development practices.
Technical Leadership: Act as a principal voice in architectural and design discussions, guiding the security posture and development practices of Elasticsearch and the Elastic Stack, and driving long-term security strategy within the team and across the organization.
- Translate customer needs into a clear, relevant technical vision.
- Monitor and apply industry advancements and best practices in security areas, including authentication, identity management, cryptography, and data access management.
- Collaborate with peers across the company to embed security into new customer features from the outset.
What You Bring :
- Expert Core Java and Concurrency: Deep expertise in Java internals, JVM memory management, and writing high-performance, lock-free, and thread-safe code in large OSS codebases.
- Authorization at Scale: Proven experience building scalable AuthZ systems, including RBAC/ABAC models, token validation, permission compilation, and cache invalidation strategies in distributed databases.
- Distributed Systems Fundamentals: A strong understanding of distributed systems security, including node-to-node trust, secure transport, and partition tolerance.
- Vision & Roadmap: Collaborate with engineering and product leadership to define the technical vision and roadmap for authorization and data isolation features within the Elasticsearch security domain, translating high-level business goals into concrete, shippable architecture.
- IAM & Cloud Security: Deep knowledge of edge identity protocols (OAuth 2.0, SAML).
- Cross-Team Teamwork: Act as the primary technical point of contact for security features, driving alignment and integration with search, AI, cloud, and operations teams to ensure consistent security posture across the Elastic Stack.
Bonus Points :
- Applied Cryptography: Deep understanding of cipher suites, TLS handshakes, certificate management, and integrating crypto primitives without introducing latency.
- Compliance Frameworks: Hands-on experience mapping technical controls to FedRAMP (Moderate/High), FIPS, and SOC 2 standards.
- **Data Store Internals: **Experience working on the internals of a data store or search engine.
Compensation for this role is in the form of base salary. This role does not have a variable compensation component. The typical starting salary range for new hires in this role is listed below.
These ranges represent the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the ranges may be modified in the future.
An employee's position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs.
Elastic believes that employees should have the opportunity to share in the value that we create together for our shareholders. Therefore, in addition to cash compensation, this role is currently eligible to participate in Elastic's stock program. Our total rewards package also includes a company-matched Registered Retirement Savings Plan (RRSP) with dollar-for-dollar matching up to 6% of eligible earnings, along with a range of other benefits offered with a holistic emphasis on employee well-being.
The typical starting salary range for this role is:
$192,500—$304,500 CAD
Additional Information - We Take Care of Our People
As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.
We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.
- Competitive pay based on the work you do here and not your previous salary
- Health coverage for you and your family in many locations
- Ability to craft your calendar with flexible locations and schedules for many roles
- Generous number of vacation days each year
- Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
- Up to 40 hours each year to use toward volunteer projects you love
- Embracing parenthood with minimum of 16 weeks of parental leave
Different people approach problems differently. We need that. Elastic is an equal opportunity employer and is committed to creating an inclusive culture that celebrates different perspectives, experiences, and backgrounds. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.
We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email candidate_accessibility@elastic.co. We will reply to your request within 24 business hours of submission.
Applicants have rights under Federal Employment Laws, view posters linked below: Family and Medical Leave Act (FMLA) Poster; Pay Transparency Nondiscrimination Provision Poster; Employee Polygraph Protection Act (EPPA) Poster and Know Your Rights (Poster)
Elasticsearch develops and distributes technology and information that is subject to U.S. and other countries’ export controls and licensing requirements for individuals who are located in or are nationals of the following sanctioned countries and regions: Belarus, Cuba, Iran, North Korea, Syria, or Russia, including the Ukrainian territories annexed by Russia (The Crimea region of Ukraine, The Donetsk People's Republic (DNR), The Luhansk People's Republic (LNR), Kherson or Zaporizhzhia). If you are located in or are a national of one of the listed countries or regions, an export license may be required as a condition of your employment in this role. Please note that national origin and/or nationality do not affect eligibility for employment with Elastic.
Please see here for our Privacy Statement.