¡Activa las notificaciones laborales por email!

Sr. Product Security Engineer

Databricks

Valladolid

Presencial

EUR 50.000 - 70.000

Jornada completa

Hace 2 días

Sé de los primeros/as/es en solicitar esta vacante

Mejora tus posibilidades de llegar a la entrevista

Elabora un currículum adaptado a la vacante para tener más posibilidades de triunfar.

Descripción de la vacante

A leading company in data analytics is seeking an experienced individual to join their product security team. You will play a vital role in managing security processes for product features, ensuring that vulnerabilities are minimized and security compliance is upheld. The role requires strong expertise in threat modeling and experience in various security domains, offering the opportunity to work with a global team and contribute to multiple security initiatives.

Formación

3+ years of experience with Threat Modeling.
Strong understanding of Web, Cloud, Systems Security, and Applied Cryptography.
Proficiency in scripting related to exploits.

Responsabilidades

Manage SDLC functions for features and products within Databricks.
Collaborate with security teams to support Incident Response and Vulnerability Response.
Utilize SAST and DAST tools for evaluations and defect filing.

Conocimientos

Threat Modeling

Web Security

Cloud Security

Systems Security

Applied Cryptography

Scripting and automation

Exploit writing

Fuzzing

While candidates in the listed location(s) are encouraged for this role, candidates in other locations will be considered.

The Product Security Team's mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.

You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This includes, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing, and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team across various locations in the US and EMEA.

The impact you will have :

Full SDLC Support for new product features developed by ENG and non-ENG teams, including Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
Collaborate with other security teams to support Incident Response and Vulnerability Response as needed.
Utilize SAST tools to evaluate results, identify false positives, and file defects for genuine issues.
Work with DAST tools and related automation for auto-assessment and defect filing.
Maintain and enhance automation frameworks to support security compliance efforts such as FedRamp, PCI, HIPAA, etc.
Prioritize security risks from a risk management perspective rather than strictly adhering to textbook standards.
Develop and implement security processes to improve the overall productivity of the product security organization and SDLC processes.

What we look for :

3+ years of experience with Threat Modeling, capable of identifying design issues based on data flow diagrams.
Strong understanding in at least two domains from Web Security, Cloud Security, Systems Security, and Applied Cryptography.
Proficiency in scripting and automation related to exploits.
Fuzzing skills are advantageous.
Exploit writing skills are highly desirable and considered a strong positive.

J-18808-Ljbffr

Consigue la evaluación confidencial y gratuita de tu currículum.

o arrastra un archivo en formato PDF, DOC, DOCX, ODT o PAGES de hasta 5 MB.