Principal C++ Security Systems Engineer - Enterprise Trust
Quick Summary
The Opportunity The Creative Cloud Engineering organization is strengthening the security foundation for Photoshop and the broader Creative Cloud ecosystem. Photoshop is a large-scale,
The Creative Cloud Engineering organization is strengthening the security foundation for Photoshop and the broader Creative Cloud ecosystem. Photoshop is a large-scale, performance-critical C++ application with native code, third-party dependencies, plug-in surfaces, file-format parsers, cloud-connected workflows, and growing enterprise expectations around software transparency and product security.
We are looking for a Principal C++ Security Systems Engineer to serve as the security champion for Photoshop. This role will define and drive the technical roadmap for memory safety, sandboxing, SBOM, dependency governance, secure build integrity, and enterprise security readiness.
This is not a compliance-only role or a generic AppSec role. It is a hands-on Principal engineering role for someone who understands large C++ codebases, can reason about real product attack surfaces, and can partner deeply with engineering teams to make Photoshop more secure, resilient, and enterprise ready.
Responsibilities
~1 min readSecurity Architecture & Technical Leadership
- →
Serve as the principal security systems engineer and security champion for Photoshop
- →
Define the security roadmap across native C++ code, file handling, extensibility, cloud-connected workflows, AI-enabled capabilities, and enterprise deployment scenarios
- →
Partner with product engineering, platform security, legal, compliance, release, build, and enterprise teams to turn security requirements into durable engineering capabilities
- →
Lead security design reviews for high-risk areas including parsers, plug-ins, scripting, extensibility, IPC, AI-enabled workflows, and customer data handling
- →
Establish secure-by-design patterns that teams can adopt without slowing product velocity
Drive a pragmatic memory safety roadmap for Photoshop’s large C++ codebase
Prioritize high-risk, attacker-reachable components such as image parsers, file-format decoders, font handling, color profiles, plug-in boundaries, native services, and IPC paths
Improve adoption of sanitizers, fuzzing, static analysis, compiler hardening, runtime mitigations, and safer C++ practices
Reduce vulnerability classes such as use-after-free, buffer overflows, type confusion, unsafe pointer usage, integer overflows, and unsafe deserialization
Evaluate when to use modern C++, Rust, process isolation, safer libraries, or targeted rewrites versus mitigation and containment
Build measurable security signals into CI/CD so regressions are caught earlier
Define sandboxing and isolation strategies for high-risk Photoshop execution surfaces
Improve security boundaries around file import/export, plug-ins, scripting, generative workflows, embedded services, and third-party integrations
Design privilege separation, process isolation, brokered access, secure IPC, and least-privilege boundaries
Partner across macOS, Windows, web, and cloud-connected surfaces to apply the right OS-level security controls
Reduce blast radius while balancing performance, compatibility, and professional workflow requirements
Own the technical strategy for Photoshop SBOM generation, validation, accuracy, and release integration
Build reliable SBOM pipelines across first-party code, third-party libraries, open-source dependencies, native packages, build outputs, installers, and shipped artifacts
Integrate SBOMs into vulnerability detection, dependency policy enforcement, release readiness, and enterprise reporting
Improve dependency governance across open-source intake, version tracking, vulnerability response, license metadata, and end-of-life dependency removal
Drive secure build provenance, artifact signing, release integrity, and traceability across Photoshop delivery pipelines
Partner with enterprise security, field, compliance, and product teams to support customer security requirements
Produce engineering-backed evidence for customer reviews, vendor assessments, procurement requirements, regulatory inquiries, and escalations
Improve Photoshop’s response to CVEs, zero-days, dependency disclosures, and customer-reported security concerns
Lead root-cause analysis and drive systemic fixes that reduce entire vulnerability classes
Turn enterprise security asks into reusable platform capabilities rather than one-off responses
Photoshop has a clear, prioritized, and measurable security roadmap
High-risk C++ components have memory safety plans, owners, and measurable risk reduction
Fuzzing, sanitizer coverage, static analysis, and hardening checks are integrated into CI/CD
Sandboxing and isolation boundaries are defined for high-risk surfaces such as parsing, plug-ins, scripting, and extensibility
SBOM generation is integrated into release pipelines and produces accurate, enterprise-ready outputs
Dependency governance, build provenance, artifact signing, and release traceability are improved
Enterprise security responses become faster, more consistent, and backed by engineering evidence
Security findings are surfaced earlier, reducing late-cycle surprises and manual triage
Photoshop teams adopt repeatable secure-by-design patterns instead of relying on one-off reviews
Requirements
~2 min read15+ years of software engineering experience, including deep experience with large-scale, performance-sensitive C++ systems
Strong expertise in modern C++, native application architecture, debugging, performance, memory management, and legacy codebases
Experience securing complex desktop, client, platform, or systems software
Strong understanding of memory safety issues, C/C++ vulnerability classes, static analysis, fuzzing, sanitizers, compiler hardening, and secure coding practices
Experience with sandboxing, process isolation, privilege boundaries, secure IPC, or attack surface reduction
Experience with software supply chain security, dependency governance, SBOM generation, vulnerability management, secure build pipelines, artifact signing, or build provenance
Experience integrating security tooling into CI/CD, developer workflows, or release readiness processes
Strong threat-modeling skills and the ability to reason about realistic attacker capabilities
Ability to influence senior engineers and leaders without direct authority
Strong communication skills with both technical and executive audiences
Experience with large-scale desktop applications, creative tools, media applications, or native cross-platform software
Experience with Windows and macOS security models, sandboxing primitives, code signing, notarization, entitlements, permissions, and secure IPC
Experience with file-format parser security, fuzzing infrastructure, plug-in ecosystems, scripting engines, or untrusted content processing
Experience with SLSA, provenance, artifact signing, CycloneDX, SPDX, VEX, vulnerability disclosure, or secure supply chain frameworks
Experience introducing Rust or another memory-safe language into an existing C++ codebase
Familiarity with CISA Secure by Design, NIST SSDF, memory safety guidance, and EU Cyber Resilience Act expectations
Familiarity with AI/ML security considerations around agentic tools, model-driven workflows, data handling, and generated content pipelines
Has hardened a real, large native codebase against memory safety and product security risks
Can move between architecture, code, build systems, CI/CD, release pipelines, security tooling, and enterprise conversations
Is pragmatic about legacy C++: knows when to rewrite, when to isolate, when to harden, and when to automate detection
Can turn SBOM from a compliance artifact into an engineering and customer trust capability
Can design sandboxing boundaries while understanding performance and compatibility trade-offs
Operates like a Principal engineer: sets direction, builds reference implementations, defines standards, mentors others, and raises the bar across teams
Balances security, performance, product velocity, enterprise needs, and customer impact
Photoshop is one of Adobe’s most trusted and widely deployed products. It processes untrusted content at massive scale and is used by individual creators, creative professionals, enterprises, government customers, and regulated industries.
As customers increase scrutiny around supply chain transparency, vulnerability response, memory safety, AI-enabled workflows, and secure software delivery, Photoshop needs a dedicated Principal-level leader who can connect deep product engineering with modern security architecture.
Adobe empowers everyone to create through innovative platforms and tools that unleash creativity, productivity and personalized customer experiences. Adobe’s industry-leading offerings including Adobe Acrobat Studio, Adobe Express, Adobe Firefly, Creative Cloud, Adobe Experience Platform, Adobe Experience Manager, and GenStudio enable people and businesses to turn ideas into impact, powered by AI and driven by human ingenuity.
Our 30,000+ employees worldwide are creating the future and raising the bar as we drive the next decade of growth. We’re on a mission to hire the very best and believe in creating a company culture where all employees are empowered to make an impact. At Adobe, we believe that great ideas can come from anywhere in the organization. The next big idea could be yours.
At Adobe, we believe in creating a company culture where all employees are empowered to make an impact. Learn more about Adobe life, including our values and culture, focus on people, purpose and community, Adobe for All, comprehensive benefits programs, the stories we tell, the customers we serve, and how you can help us advance our mission of empowering everyone to create.
Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other protected characteristic. Learn more.
Adobe aims to make our Careers website and recruiting process accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call +1 408-536-3015.
In California, the pay range for this position is $248,900 - $360,500
At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP).
In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award.
State-Specific Notices:
Adobe will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and “fair chance” ordinances.
Colorado:
If this role is open to hiring in Colorado (as listed on the job posting), the application window will remain open until at least the date and time stated above in Pacific Time, in compliance with Colorado pay transparency regulations. If this role does not have Colorado listed as a hiring location, no specific application window applies, and the posting may close at any time based on hiring needs.
Massachusetts:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Location & Eligibility
Listing Details
- Posted
- June 22, 2026
- First seen
- June 27, 2026
- Last seen
- July 9, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 28%
- Scored at
- June 27, 2026
Signal breakdown
Please let adobe know you found this job on Jobera.
4 other jobs at adobe
View all →Explore open roles at adobe.
Similar Systems Engineer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.