Senior Product Security Engineer
- Remote from
- 🇬🇧 UK
- Seniority level
- Job function
- Job type
- Full Time,
- Job posted
- Apply before
- 15 May 2024
- Industry
About Databricks
All your data, analytics and AI on one lakehouse platform
While candidates in the listed location(s) are encouraged for this role, candidates in other locations will be considered.
The Product Security Team’s mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.
You will be an individual contributor on the product security team at Databricks, manage SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team, spread across various locations in the US and EMEA.
The impact you will have:
- Full SDLC Support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
- Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed.
- Work with the results of SAST tools to help evaluate and identify false positives and file defects for real issues.
- Work on DAST tools and related automation for auto-assessment and defect filing.
- Maintain the automation framework and add new features as needed to support different security compliances that Databricks may want to get into – FedRamp, PCI, HIPPA, etc.
- Prioritize security from a risk management perspective, rather than an absolute textbook version.
- Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general
What we look for:
- 3+ years of experience with the Threat Modeling process and ability to find design problems based on a block diagram of data flow.
- Solid understanding on at least two of the following domains – Web Security, Cloud Security, Systems Security and Applied Cryptography.
- 3+ years of experience with one or more of Python/Java/Scala/JavaScript and ability to read code to identify security defects.
- Strong skills on scripting and automation on exploits
- Fuzzing skills are good to have.
- Exploit writing skills is a positive and greatly required.
Benefits
- Private medical insurance
- Private dental insurance
- Health Cash Plan
- Life, income protection & critical illness insurance
- Pension Plan
- Equity awards
- Enhanced Parental Leaves
- Fitness reimbursement
- Annual career development fund
- Home office & work headphones reimbursement
- Business travel accident insurance
- Mental wellness resources
- Employee referral bonus
About Databricks
Databricks is the data and AI company. More than 10,000 organizations worldwide — including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark™, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.
Our Commitment to Diversity and Inclusion
At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics.
How to apply
For safety tips, see our guides or report this job if any issues arise.
Send message
Direct Messaging with Recruiters
See a few more
Similar remote jobs in Software Engineering
-
Senior Android Engineer
Hi, we’re DuckDuckGo, the Internet privacy company for everyone who wants to take back their privacy now. For over a decade, we’ve been building our all-in-one product, developing new privacy technology, and working with policymakers to make online privacy simple and accessible for all.
-
Senior Software Engineer
ConvertKit is a powerful marketing platform built for creators, by creators. We help creators grow and monetize their audience with ease.
-
Site Reliability Engineer
Although we’re proud of our history, we’re just as excited about the future. We want to create a world-class culture and company that attracts, develops, engages and retains elite talent.
-
Security Site Reliability Engineer
At Coinbase, our mission is to increase economic freedom around the world, and we couldn’t do this without hiring the best people. We’re a group of hard-working overachievers who are deeply focused on building the future of finance and Web3 for our users across the globe, whether they’re trading, storing, staking or using crypto.
-
Android Engineer – Poe
We are seeking a talented Android Engineer to join us in building Poe, an exciting new platform at the forefront of generative AI. You will work at the cutting edge of technology to design, develop, and maintain the Poe Android app.
-
Software Engineer – Blockchain Platform
Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion.
-
Senior SQL Developer
The Sr. Engineer App Dev will work as part of the Enterprise Data Integration team under the direction of the Enterprise Data Integration Manager. The position relies on experience and judgment to support, enhance and create ETL processes, requiring a broad degree of independence, knowledge and problem solving skills.
-
Associate Java Developer
We help protect our customers against life’s uncertainties. Regardless of where you work within the company, you’ll be helping provide protection and peace of mind when our customers need it most.
-
Sr. Software Engineer, Windows Desktop App
Hi, we’re DuckDuckGo, the Internet privacy company for everyone who wants to take back their privacy now. For over a decade, we’ve been building our all-in-one product, developing new privacy technology, and working with policymakers to make online privacy simple and accessible for all.
-
Senior Software Developer
At Pearson, we are committed to a world that is always learning and to our talented team who makes it all possible. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better.
-
Intermediate Full Stack Engineer
Thinkific is a software platform that gives anyone the ability to easily create and sell online courses, build vibrant communities, and monetize memberships.
-
Senior JavaScript Developer
Argyle is a fast-growing, remote-first Series C startup solving a systemic data problem. Underneath the consumer finance industry’s decisions and processes is static, analog documentation—things like credit reports and paystubs—designed decades ago for a world that no longer exists.
-
Staff Site Reliability Engineer
Mozilla Corporation is the non-profit-backed technology company that has shaped the internet for the better over the last 25 years. We make pioneering brands like Firefox, the privacy-minded web browser, and Pocket, a service for keeping up with the best content online.
-
Senior JavaScript Engineer
At 10up, we call developers like you engineers because you aren’t just a “coder”: you’re an innovative problem solver that uses web programming skills to divine smart, creative solutions to client challenges. As a Senior JavaScript Developer at 10up, you are an integral part in building custom-crafted UIs utilized by millions of people daily.
-
Senior Protocol Engineer (Rust)
We are seeking a core Protocol Engineer to help implement the Subspace Network, a radically decentralized, next-generation blockchain written in Rust, using the Substrate framework. Subspace employs a novel proof-of-storage consensus algorithm and a decoupled execution framework, which allows it to scale far beyond existing blockchains, without sacrificing security or decentralization.
Job Search Safety Tips
FAQ
What position is Databricks hiring for?
Databricks is hiring a remote Senior Product Security Engineer from 🇬🇧 UK
What type of employment does Databricks offer?
This is a Full Time role.
