
Empowering data teams with unified analytics
Databricks, headquartered in San Francisco, California, is a unified data analytics platform that simplifies data engineering and collaborative data science. Trusted by over 7,000 organizations, including Fortune 500 companies like Comcast and Shell, Databricks has raised $3.5 billion in funding, ac...
Databricks offers competitive salaries, equity options, generous PTO policies, and a remote-friendly work environment. Employees also benefit from a l...
Databricks fosters a culture of innovation with a strong emphasis on data-driven decision-making. The company values collaboration across teams and en...

Databricks • Remote - Germany
Databricks is hiring a Staff Product Security Engineer to enhance the security of their software development lifecycle. You'll focus on threat modeling, security design reviews, and incident response. This role requires expertise in security practices and tools.
You have extensive experience in product security, particularly in managing security throughout the software development lifecycle (SDLC). Your background includes conducting security design reviews and threat modeling, ensuring that security is integrated into every stage of product development. You are skilled in manual code reviews and have a strong understanding of exploit writing and exploit chain creation, which allows you to identify and mitigate vulnerabilities effectively. You are familiar with incident response (IR) and vulnerability response (VRP) programs, and you can collaborate with various teams to address security incidents as they arise. Your experience with static application security testing (SAST) tools enables you to evaluate and identify false positives, ensuring that real issues are addressed promptly. You are also knowledgeable about dynamic application security testing (DAST) tools and can automate assessments to streamline the security process.
You have a passion for maintaining security compliance and are eager to work on frameworks that support various security standards such as FedRAMP, PCI, and HIPAA. Your ability to prioritize security from a risk management perspective is crucial in this role, as you will be responsible for ensuring that Databricks' services remain secure against emerging threats.
As a Staff Product Security Engineer at Databricks, you will play a critical role in enhancing the security posture of the organization. You will be responsible for left-shifting security processes within the SDLC, working closely with engineering teams to ensure that security is a priority from the outset of product development. Your role will involve conducting thorough threat modeling and security design reviews for new features and products, ensuring that potential vulnerabilities are identified and mitigated early in the development process. You will also perform manual code reviews, providing valuable feedback to developers and helping them understand security best practices.
In addition to your proactive security measures, you will support incident response efforts when vulnerabilities are reported or when security incidents occur. Your expertise will be essential in coordinating responses and ensuring that appropriate actions are taken to address any identified issues. You will collaborate with other security teams to provide comprehensive support for incident and vulnerability response programs, ensuring that Databricks can effectively manage and mitigate risks.
You will also work with the results of SAST tools to evaluate and identify false positives, filing defects for real issues that require attention. Your experience with DAST tools will allow you to contribute to the automation of security assessments, streamlining the process of identifying vulnerabilities and ensuring that security compliance is maintained across the organization.
Databricks offers a dynamic work environment where you can make a significant impact on the security of our products. You will have the opportunity to work with a global team, collaborating with colleagues across various locations in the US and EMEA. We encourage you to apply even if your experience doesn't match every requirement, as we value diverse perspectives and backgrounds. Join us in our mission to enhance the security of our services and protect our customers from emerging threats.