Security Engineer • Staff

Who you are

You have extensive experience in product security, with a strong focus on enhancing the security of software development lifecycles. Your background includes managing security functions for various products and features, ensuring that security is integrated from the start. You are skilled in conducting security design reviews and threat modeling, and you have a solid understanding of manual code reviews and exploit writing. You thrive in collaborative environments and can effectively communicate security concepts to both technical and non-technical stakeholders.

You are familiar with incident response and vulnerability response programs, having supported teams in addressing security incidents and vulnerabilities. Your experience includes working with SAST and DAST tools, helping to evaluate and identify security issues, and maintaining automation frameworks to support compliance with various security standards. You are proactive in prioritizing security risks and implementing measures to mitigate them.

Desirable

Experience with compliance frameworks such as FedRamp, PCI, and HIPAA is a plus. You have a keen interest in staying updated with the latest security trends and vulnerabilities, and you are eager to contribute to a culture of security awareness within the organization.

What you'll do

As a Staff Product Security Engineer at Databricks, you will play a crucial role in the Product Security Team, focusing on left-shifting security processes within the software development lifecycle. You will be responsible for conducting security design reviews and threat modeling for new product features, ensuring that security considerations are integrated early in the development process. Your expertise in manual code reviews will help identify potential vulnerabilities before they reach production.

You will collaborate with engineering teams to provide guidance on security best practices and assist in the implementation of security measures. Your role will also involve supporting incident response efforts when vulnerabilities are reported, working closely with other security teams to address and remediate issues effectively.

In addition, you will leverage SAST and DAST tools to evaluate security findings, helping to distinguish between false positives and genuine vulnerabilities. You will maintain and enhance the automation framework to support various security compliance initiatives, ensuring that Databricks meets industry standards and regulations.

Your contributions will directly impact the security posture of Databricks, helping to minimize the risk of vulnerabilities in production and enhancing the overall security of the services provided to customers.

What we offer

Databricks offers a collaborative and inclusive work environment where you can make a significant impact on product security. You will have the opportunity to work with a talented team of security professionals and engineers, contributing to the development of secure software solutions. We encourage you to apply even if your experience doesn't match every requirement, as we value diverse perspectives and backgrounds. Join us in our mission to enhance security practices and protect our customers' data.