Product Security Engineer
Product Security Engineer
Product Security Engineer
Databricks
The Product Security Engineer role at Databricks focuses on enhancing the Security Development Lifecycle (SDLC) processes to minimize vulnerabilities in production code. The position is remote and involves collaboration with a global team to conduct security design reviews, threat modeling, and incident response support.
Qualification
- 2-4 years of experience with the Threat Modeling process and identifying design problems.
- Understanding of at least two domains: Web Security, Cloud Security, Systems Security, and Applied Cryptography.
- Proficient in programming languages such as Python, Java, Scala, or JavaScript.
- Skilled in scripting and automation related to exploits.
- Exploit writing skills are highly desired.
Responsibility
- Full SDLC Support for new product features including Threat Modeling, Design Review, and Manual Code Review.
- Support Incident Response and Vulnerability Response as needed.
- Evaluate SAST tool results to identify false positives and file defects for real issues.
- Work on DAST tools and related automation for auto-assessment and defect filing.
- Maintain and enhance the automation framework for security compliance (FedRamp, PCI, HIPAA, etc.).
- Develop and implement security processes to improve productivity in the product security organization.
