
Staff Product Security Engineer

Databricks
The Staff Product Security Engineer at Databricks will be an individual contributor on the product security team, focusing on managing SDLC functions to enhance security for all code written in Databricks. The role involves conducting security design reviews, threat modeling, manual code reviews, and supporting incident response and vulnerability response programs. The position requires collaboration with global teams and emphasizes the importance of integrating security into the development lifecycle to minimize vulnerabilities.
Qualifications
- 5-10 years of experience with the Threat Modeling process and ability to identify design problems.
- Solid understanding of at least two domains: Web Security, Cloud Security, Systems Security, and Applied Cryptography.
- Proficient in one or more programming languages (Python, Java, Scala, JavaScript) and capable of reading code to identify security defects.
- Strong skills in scripting and automation related to exploits.
- Exploit writing skills are highly desired; fuzzing skills are a plus.
Responsibilities
- Full SDLC Support for new product features including Threat Modeling, Design Review, and Manual Code Review.
- Support Incident Response and Vulnerability Response as needed.
- Evaluate and identify false positives using SAST tools and file defects for real issues.
- Work on DAST tools and related automation for auto-assessment and defect filing.
- Maintain and enhance the automation framework to support various security compliance programs such as FedRAMP, PCI, and HIPAA.
- Develop and implement security processes to improve productivity in the product security organization.




