Databricks - Senior Manager, Product Security
Requirements
• Experience: 5-10 years of experience required for Threat Modeling process and identifying design problems based on data flow block diagrams. • Skills in domains: Solid understanding needed in at least two out of the following four areas - Web Security, Cloud Security, Systems Security, Applied Cryptography. • Programming languages proficiency: Proficient with one or more programming languages such as Python/Java/Scala/JavaScript and ability to read code for security defect identification is required. • Exploit skills: Strong scripting and automation abilities on exploits are necessary, along with good fuzzing skills (good but not mandatory). • Certifications or must-haves were NOT stated in the job posting.
Responsibilities
• Full SDLC Support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc. • Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed. • Work with the results of SAST tools to help evaluate and identify false positives and file defects for real issues. • Work on DAST tools and related automation for auto-assessment and defect filing. • Maintain the automation framework and add new features as needed to support different security compliances that Databricks may want to get into – FedRamp, PCI, HIPPA, etc. • Prioritize security from a risk management perspective, rather than an absolute textbook version. • Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general • What we look for: • What we look for: • 5-10 years Experience with the Threat Modeling process and ability to find design problems based on a block diagram of data flow. • Solid understanding on at least two of the following domains - Web Security, Cloud Security, Systems Security and Applied Cryptography. • Proficient with one or more of Programming languages ( Python/Java/Scala/JavaScript) and ability to read code to identify security defects. • Strong skills on scripting and automation on exploits • Fuzzing skills are good to have. • Exploit writing skills is a positive and greatly required. • Databricks is the data and AI company. More than 10,000 organizations worldwide — including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark™, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.BenefitsAt Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https://www.mybenefitsnow.com/databricks.
Benefits
• Our Commitment to Diversity and Inclusion • At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics. • Compliance • If access to export-controlled technology or source code is required for performance of job duties, it is within Employer's discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.
Apply in one click
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT