At a Glance
- Tasks: Join our Product Security Team to enhance security in software development and protect against vulnerabilities.
- Company: Databricks, a leading data and AI company with a global presence.
- Benefits: Comprehensive benefits, remote work options, and a commitment to diversity and inclusion.
- Why this job: Make a real impact on product security while working with cutting-edge technologies.
- Qualifications: 5-10 years in threat modeling, coding skills, and strong automation abilities.
- Other info: Dynamic team environment with opportunities for professional growth.
The predicted salary is between 36000 - 60000 £ per year.
Overview
The Product Security Team's mission is to left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services. You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This includes, but is not limited to, security design reviews, threat modeling, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team, spread across various locations in the US and EMEA.
The Impact You Will Have
- Full SDLC Support for new product features being developed in ENG and non-ENG teams. This includes Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
- Collaborate with other security teams to provide support for Incident Response and Vulnerability Response as needed.
- Work with SAST tool results to evaluate and identify false positives and file defects for real issues.
- Work on DAST tools and related automation for auto-assessment and defect filing.
- Maintain the automation framework and add new features to support different security compliances that Databricks may pursue (e.g., FedRAMP, PCI, HIPAA).
- Prioritize security from a risk management perspective.
- Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general.
What We Look For
- 5-10 years experience with the Threat Modeling process and the ability to identify design problems based on a data-flow block diagram.
- Solid understanding in at least two of the following domains: Web Security, Cloud Security, Systems Security and Applied Cryptography.
- Proficient in one or more programming languages (Python/Java/Scala/JavaScript) with ability to read code to identify security defects.
- Strong scripting and automation skills related to exploits.
- Fuzzing skills are a plus.
- Exploit writing skills are highly valued.
About Databricks
Databricks is the data and AI company. More than 10,000 organizations worldwide, including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500, rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.
Benefits
At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https://www.mybenefitsnow.com/databricks.
Our Commitment to Diversity and Inclusion
Databricks is committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics.
Compliance
If access to export-controlled technology or source code is required for performance of job duties, it is within Employer's discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.
Seniority level
- Mid-Senior level
Employment type
- Full-time
Job function
- Information Technology
Industries
- Software Development
Staff Product Security Engineer employer: Databricks
Contact Detail:
Databricks Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Staff Product Security Engineer
✨ Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those at Databricks. A friendly chat can open doors and give you insights that job descriptions just can't.
✨ Tip Number 2
Show off your skills! If you've got a portfolio or any projects related to security engineering, make sure to highlight them during interviews. Real-world examples can set you apart from the crowd.
✨ Tip Number 3
Prepare for technical interviews by brushing up on your coding skills and security concepts. Practice common interview questions and scenarios related to threat modelling and exploit writing to impress the hiring team.
✨ Tip Number 4
Don't forget to apply through our website! It's the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in joining the Databricks family.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experience mentioned in the job description. Highlight your expertise in Threat Modeling, security design reviews, and any relevant programming languages like Python or Java. We want to see how you fit into our mission!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about product security and how your background aligns with our goals at Databricks. Be genuine and let us know what excites you about this role.
Showcase Your Projects: If you've worked on any relevant projects, whether personal or professional, make sure to mention them. We love seeing practical examples of your skills, especially in areas like exploit writing or automation frameworks. It gives us a glimpse of what you can bring to the team!
Apply Through Our Website: We encourage you to apply directly through our website for the best chance of getting noticed. It streamlines the process for us and ensures your application lands in the right hands. Plus, it's super easy to do!
How to prepare for a job interview at Databricks
✨ Know Your SDLC Inside Out
Make sure you're well-versed in the Security Development Lifecycle (SDLC) processes. Brush up on how to conduct security design reviews and threat modelling, as these will likely come up during your interview. Being able to discuss specific examples from your past experience will show that you can hit the ground running.
✨ Show Off Your Technical Skills
Since this role requires proficiency in programming languages like Python, Java, or Scala, be prepared to demonstrate your coding skills. You might be asked to read code snippets and identify security defects, so practice this beforehand. Having a few examples of your own exploit writing or automation projects can really set you apart.
✨ Understand the Tools of the Trade
Familiarise yourself with SAST and DAST tools, as well as any automation frameworks relevant to security compliance. Be ready to discuss how you've used these tools in previous roles, especially in evaluating false positives or filing defects. This shows you're not just knowledgeable but also practical in applying your skills.
✨ Emphasise Collaboration and Communication
This position involves working with global teams, so highlight your experience in collaborating across different locations and departments. Share examples of how you've effectively communicated complex security concepts to non-technical stakeholders. This will demonstrate your ability to work well within a diverse team environment.