Sr. Product Security Engineer

Sé de los primeros solicitantes.
Solo para miembros registrados
Santiago de Compostela
EUR 40.000 - 70.000
Sé de los primeros solicitantes.
Ayer
Descripción del empleo

While candidates in the listed location(s) are encouraged for this role, candidates in other locations will be considered.

The Product Security Team's mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.

You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This includes, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing, and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team across various locations in the US and EMEA.

The impact you will have :

  • Full SDLC Support for new product features developed by ENG and non-ENG teams, including Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.
  • Collaborate with other security teams to support Incident Response and Vulnerability Response as needed.
  • Utilize SAST tools to evaluate results, identify false positives, and file defects for genuine issues.
  • Work with DAST tools and related automation for auto-assessment and defect filing.
  • Maintain and enhance automation frameworks to support security compliance efforts such as FedRamp, PCI, HIPAA, etc.
  • Prioritize security risks from a risk management perspective rather than strictly adhering to textbook standards.
  • Develop and implement security processes to improve the overall productivity of the product security organization and SDLC processes.

What we look for :

  • 3+ years of experience with Threat Modeling, capable of identifying design issues based on data flow diagrams.
  • Strong understanding in at least two domains from Web Security, Cloud Security, Systems Security, and Applied Cryptography.
  • Proficiency in scripting and automation related to exploits.
  • Fuzzing skills are advantageous.
  • Exploit writing skills are highly desirable and considered a strong positive.

J-18808-Ljbffr