Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security processes for product development, ensuring robust protection against vulnerabilities.
- Company: Join Databricks, a leading data and AI company trusted by top global brands.
- Benefits: Enjoy comprehensive benefits, including health perks and a supportive work environment.
- Why this job: Make a real impact on product security while working with cutting-edge technologies.
- Qualifications: 5-10 years in threat modelling and strong coding skills in Python, Java, or similar.
- Other info: Be part of a diverse team committed to innovation and excellence.
The predicted salary is between 36000 - 60000 £ per year.
The Product Security Team's mission is to left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimise the count and effect of externally identified vulnerabilities on Databricks Services. You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This includes, but is not limited to, security design reviews, threat modeling, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team, spread across various locations in the US and EMEA.
The Impact You Will Have
- Full SDLC Support for new product features being developed in ENG and non-ENG teams. This includes Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
- Collaborate with other security teams to provide support for Incident Response and Vulnerability Response as needed.
- Work with SAST tool results to evaluate and identify false positives and file defects for real issues.
- Work on DAST tools and related automation for auto-assessment and defect filing.
- Maintain the automation framework and add new features to support different security compliances that Databricks may pursue (e.g., FedRamp, PCI, HIPAA).
- Prioritise security from a risk management perspective.
- Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general.
What We Look For
- 5-10 years experience with the Threat Modeling process and the ability to identify design problems based on a data-flow block diagram.
- Solid understanding in at least two of the following domains: Web Security, Cloud Security, Systems Security and Applied Cryptography.
- Proficient in one or more programming languages (Python/Java/Scala/JavaScript) with ability to read code to identify security defects.
- Strong scripting and automation skills related to exploits.
- Fuzzing skills are a plus.
- Exploit writing skills are highly valued.
Databricks is committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards.
Senior Manager, Product Security employer: Databricks
Contact Detail:
Databricks Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Manager, Product Security
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those at Databricks. A friendly chat can open doors and give you insights that a job description just can't.
✨Tip Number 2
Show off your skills! If you've got a portfolio or examples of your work, bring them along to interviews. Demonstrating your expertise in threat modelling or exploit writing can really set you apart.
✨Tip Number 3
Prepare for the unexpected! Brush up on your knowledge of security tools and practices. You might get asked about SAST or DAST tools, so being ready to discuss these will show you're serious about the role.
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you’re genuinely interested in joining the Databricks team.
We think you need these skills to ace Senior Manager, Product Security
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with Threat Modeling and SDLC processes. We want to see how your skills align with our mission at Databricks!
Show Off Your Skills: Don’t hold back on showcasing your programming prowess! If you’ve got experience in Python, Java, or any other relevant languages, let us know. We love seeing candidates who can read code and identify security defects.
Be Clear and Concise: When writing your application, keep it straightforward. We appreciate clarity, so make sure your points are easy to understand and directly related to the role. Avoid jargon unless it’s necessary!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy!
How to prepare for a job interview at Databricks
✨Know Your SDLC Inside Out
Make sure you’re well-versed in the Security Development Lifecycle (SDLC) processes. Brush up on how to left-shift security practices and be ready to discuss specific examples of how you've implemented these in past roles.
✨Show Off Your Threat Modelling Skills
Prepare to talk about your experience with threat modelling. Be ready to explain how you identify design problems using data-flow block diagrams, and share any relevant case studies where your insights made a difference.
✨Demonstrate Your Coding Proficiency
Since you'll need to read code to spot security defects, make sure you can discuss your proficiency in programming languages like Python or Java. Bring examples of code reviews you've conducted and any security issues you’ve identified.
✨Highlight Your Collaboration Experience
This role involves working with global teams, so be prepared to discuss your experience collaborating across different locations. Share examples of how you’ve successfully worked with other security teams on incident response or vulnerability management.