We are seeking an Application/Product Security Engineer who is a hands-on developer and will be responsible for driving Security Architecture and shaping the Security strategy of the engineering organization. In this role, you will report to the Head of Security Engineering, with visibility to our executive leadership team as well as our customers. This involves mentoring other team members, defining security integration into the SDLC, researching/implementing/extending the necessary security tools, providing security best practices, reviewing existing services and infrastructure, building security frameworks across different programming languages, participating in design and architecture reviews, and implementing security features. This role requires constant collaboration with other teams in engineering and security stakeholders outside engineering. The Security Engineering team's mission is to enable Databricks to develop secure products and services while sustaining high feature velocity and high quality, and to ensure that Databricks meets customer security and compliance requirements.
- Define and drive Secure SDLC including training, security best practices, Security Architecture, Design/Code Reviews, Threat Modeling, Security Tools, Pen Testing, Incident Response.
- Research, prototype, and integrate Security Tools into the CI/CD pipeline (Container Security, Static, Dynamic, Application Scanning, Third-party Vulnerability Scanning, etc.) with 100% coverage of all deployment/build pipelines. Build new tools and extend existing tools to bridge gaps in existing tools, leveraging technologies like Machine Learning.
- Perform security reviews of existing Databricks PaaS services and cloud infrastructure, and establish processes to ensure that all production code gets a review.
- Be the engineering POC on compliance and collaborate with IT security, Product Management and Field to address various compliance requirements -- PCI, FedRAMP, HITRUST, HIPAA, etc.
- Build Security Frameworks (Authentication, Authorization, Crypto, Multi-Tenancy, Vulnerability Protection) across Java, Scala, Python.
- Implement security features in the SaaS platform, like Bring Your Own Key (BYOK).
- 5+ years of software development experience in multiple programming languages
- Proven track record of successful collaboration with cross functional teams to improve product and service security
- Excellent communication skills and strong ability to clearly articulate security content, risks, and mitigation.
- Attitude of providing “value add” and simplifying developer life is critical
- 2+ years of experience in Product Security, specifically reviewing Designs and Threat Modeling for cloud services.
- Experience identifying, protecting against, and mitigating web application and web service security vulnerabilities and threats, including those found in the OWASP Top 10 and CWE Top 25.
- Designed and implemented significant components and features related to security. Some of the security areas are Cryptography, PKI, Network Security, IAM and Threats/Anti Virus.
- Medical, dental, vision
- 401k Retirement Plan
- Unlimited Paid Time Off
- Catered lunch (every day), snacks, and drinks
- Gym reimbursement
- Employee referral bonus program
- Awesome coworkers
- Maternity and paternity plans
Databricks’ mission is to accelerate innovation for its customers by unifying Data Science, Engineering and Business. Founded by the original creators of Apache Spark™, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of business to build data products. Users achieve faster time-to-value with Databricks by creating analytic workflows that go from ETL and interactive exploration to production. The company also makes it easier for its users to focus on their data by providing a fully managed, scalable, and secure cloud infrastructure that reduces operational complexity and total cost of ownership. Databricks, venture-backed by Andreessen Horowitz, NEA and Battery Ventures, among others, has a global customer base that includes Viacom, Shell, and HP. For more information, visit www.databricks.com.
Apache, Apache Spark and Spark are trademarks of the Apache Software Foundation.