Principal Vulnerability Engineer

We are looking for a Principal Vulnerability Engineer who will be part of the security vulnerability team for the Java platform. This team conducts both the red team (offensive) and blue team (defensive) duties. Responsibilities will include proactive research, security tooling, assessments, and assisting development teams with security code review. Qualified candidates must have at least 10+ years of hands-on experience in platform security, with deep knowledge of the Java security model being a must. Minimum 10+ years of hands-on experience with security protocols and best practices are required. The ideal candidate is expected to work independently on assigned tasks. Proven past experience in successful security incident resolution and proactive research utilizing industry-standard tools is a must-have. Past research and CVEs on Java security issues are a plus. Must have proficiency in Java, expert-level C/C++ skills, and systems-level programming. Great personal leadership, self-starter abilities, and communication skills are required.

Career Level: IC4

Responsibilities: Responsibilities will include proactive research on new vulnerability signatures for the Java platform, creating and maintaining security tooling for the Java platform, conducting security assessments for new features that will be integrated into the JDK, and assisting development teams with security code review. Ability to code in Java and perform implementation code review for both Java and native source code is required.