Security Engineer • Staff

Who you are

You have extensive experience in product security, ideally with a focus on the software development lifecycle (SDLC) — your background includes managing security processes for various software features and products. You are skilled in threat modeling and conducting security design reviews, ensuring that security is integrated into every stage of development. Your expertise extends to manual code reviews and exploit writing, allowing you to identify and mitigate vulnerabilities effectively.

You are familiar with incident response and vulnerability response programs — when a security incident occurs, you are ready to support your team in addressing and resolving the issue. You thrive in collaborative environments, working with global teams to enhance security measures across different locations. Your analytical skills enable you to work with results from Static Application Security Testing (SAST) tools, helping to evaluate and identify false positives while filing defects for real issues.

You are proactive in maintaining and enhancing automation frameworks for security compliance — your experience includes working with Dynamic Application Security Testing (DAST) tools and related automation for auto-assessment and defect filing. You understand the importance of reducing the likelihood of introducing new vulnerabilities in production and minimizing the impact of externally identified vulnerabilities.

Desirable

Experience with security compliance frameworks and standards is a plus — you are familiar with various security regulations and best practices that guide product security efforts. You have a strong understanding of secure coding practices and are able to communicate these effectively to engineering teams.

What you'll do

In this role, you will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products. You will conduct security design reviews and threat modeling for new product features being developed in both engineering and non-engineering teams. Your responsibilities will include performing manual code reviews and writing exploits to demonstrate vulnerabilities, ensuring that security is prioritized throughout the development process.

You will collaborate with other security teams to provide support for incident response and vulnerability response as needed — your role will be critical in addressing security incidents and ensuring that vulnerabilities are managed effectively. You will work closely with the results of SAST tools to evaluate and identify false positives, filing defects for real issues to enhance the overall security posture of Databricks.

Additionally, you will maintain the automation framework and add new features as needed to support different security compliances that Databricks may want to pursue. Your contributions will help shape the security landscape of Databricks, ensuring that the software developed is secure and resilient against potential threats.

What we offer

Databricks offers a dynamic work environment where you can make a significant impact on the security of our products. You will have the opportunity to work with a talented team of security professionals and collaborate with engineers across various teams. We encourage you to apply even if your experience doesn't match every requirement — your passion for security and willingness to learn are what matter most. Join us in our mission to enhance the security of our software development lifecycle and protect our customers' data.