¡Activa las notificaciones laborales por email!

Sr. Product Security Engineer

Databricks

Santiago de Compostela

Presencial

EUR 40.000 - 70.000

Jornada completa

Hace 2 días

Sé de los primeros/as/es en solicitar esta vacante

Mejora tus posibilidades de llegar a la entrevista

Elabora un currículum adaptado a la vacante para tener más posibilidades de triunfar.

Descripción de la vacante

A leading company in data analytics seeks a Product Security team member to enhance SDLC processes and secure new features. The role demands collaboration with various teams, focusing on threat modeling and incident response. Ideal candidates will have strong skills in web, cloud, and systems security with a background in automation and scripting.

Formación

3+ years of experience with Threat Modeling.
Strong understanding in multiple security domains.
Proficiency in scripting and automation related to exploits.

Responsabilidades

Manage SDLC functions for product features including security design reviews.
Support Incident Response and Vulnerability Response.
Utilize SAST and DAST tools for security evaluations.

Conocimientos

Threat Modeling

Web Security

Cloud Security

Systems Security

Applied Cryptography

Scripting

Automation

While candidates in the listed location(s) are encouraged for this role, candidates in other locations will be considered.

The Product Security Team's mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.

You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This includes, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing, and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team across various locations in the US and EMEA.

The impact you will have :

Full SDLC Support for new product features developed by ENG and non-ENG teams, including Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
Collaborate with other security teams to support Incident Response and Vulnerability Response as needed.
Utilize SAST tools to evaluate results, identify false positives, and file defects for genuine issues.
Work with DAST tools and related automation for auto-assessment and defect filing.
Maintain and enhance automation frameworks to support security compliance efforts such as FedRamp, PCI, HIPAA, etc.
Prioritize security risks from a risk management perspective rather than strictly adhering to textbook standards.
Develop and implement security processes to improve the overall productivity of the product security organization and SDLC processes.

What we look for :

3+ years of experience with Threat Modeling, capable of identifying design issues based on data flow diagrams.
Strong understanding in at least two domains from Web Security, Cloud Security, Systems Security, and Applied Cryptography.
Proficiency in scripting and automation related to exploits.
Fuzzing skills are advantageous.
Exploit writing skills are highly desirable and considered a strong positive.

J-18808-Ljbffr

Consigue la evaluación confidencial y gratuita de tu currículum.

o arrastra un archivo en formato PDF, DOC, DOCX, ODT o PAGES de hasta 5 MB.