Databricks is a data and AI company that provides a unified platform for data, analytics, and AI. They are seeking a Product Security Engineer to manage SDLC functions for features and products, focusing on security design reviews, threat models, and incident response.
Responsibilities:
- Full SDLC support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
- Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed
- Work with the results of SAST tools to help evaluate and identify false positives and file defects for real issues
- Work on DAST tools and related automation for auto-assessment and defect filing
- Maintain the automation framework and add new features as needed to support the different security compliance programs that Databricks may want to get into: FedRAMP, PCI, HIPAA, etc.
- Prioritize security from a risk management perspective, rather than an absolute textbook version
- Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general
Requirements:
- 2-4 years of experience with the Threat Modeling process and the ability to find design problems based on a block diagram of data flow
- Understanding of at least two of the following domains: Web Security, Cloud Security, Systems Security and Applied Cryptography
- Proficient in one or more programming languages (Python/Java/Scala/JavaScript), with the ability to read code to identify security defects
- Skilled in scripting and automation of exploits
- Exploit writing skills are a positive and greatly required
- Fuzzing skills are good to have