Security Engineer • Mid-Level

Who you are

You have a strong background in security engineering, with experience in managing security processes throughout the software development lifecycle (SDLC). Your expertise includes conducting security design reviews and threat modeling to identify potential vulnerabilities before they reach production. You are skilled in manual code reviews and have a knack for exploit writing, enabling you to understand and mitigate security risks effectively.

You are familiar with incident response (IR) and vulnerability response (VRP) programs, having supported teams in addressing security incidents and vulnerability reports. Your experience with static application security testing (SAST) tools allows you to evaluate code for security flaws, while your knowledge of dynamic application security testing (DAST) tools helps automate assessments and defect filing. You thrive in collaborative environments, working with global teams to enhance security practices across various projects.

Desirable

Experience with security compliance frameworks and a proactive approach to identifying and mitigating security risks are highly valued. Familiarity with automation frameworks for security assessments will set you apart, as will your ability to adapt to new security tools and methodologies as they emerge.

What you'll do

As a Product Security Engineer at Databricks, you will play a crucial role in left-shifting security processes within the SDLC. You will collaborate with engineering teams to ensure that security is integrated into the development of new product features. This includes conducting thorough threat modeling and security design reviews to identify potential vulnerabilities early in the development process.

You will be responsible for performing manual code reviews, where your keen eye for detail will help uncover security issues that automated tools might miss. Your skills in exploit writing will be utilized to demonstrate potential attack vectors, helping teams understand the implications of security flaws.

In addition to your proactive security measures, you will support incident response efforts when vulnerabilities are reported or security incidents occur. Your collaboration with other security teams will ensure a coordinated response to any security challenges that arise.

You will also work with the results of SAST tools to evaluate findings, identify false positives, and file defects for genuine issues. Your expertise in DAST tools will be essential for automating assessments and streamlining the defect filing process. You will maintain and enhance the automation framework, adding new features as needed to support various security compliance initiatives that Databricks may pursue.

What we offer

At Databricks, you will be part of a dynamic team dedicated to enhancing the security of our products. We offer a flexible remote work environment, allowing you to collaborate with colleagues across the United States and EMEA. You will have opportunities for professional growth and development, as well as the chance to make a significant impact on the security posture of our services. Join us in our mission to build secure and reliable software solutions that empower our customers.