Security Engineering enables Databricks to develop secure products and services while sustaining high feature velocity and high quality, and ensures that Databricks meets customer security and compliance requirements.
We are seeking a security architect who is a senior hands-on developer and will be responsible for driving Security Architecture and shaping the security strategy of the engineering organization. In this role, you’ll report to the Senior Director of Product Security and Security Engineering, with visibility to our executive leadership team as well as our customers. This role involves defining security integration into the SDLC, providing security best practices, reviewing existing services and infrastructure, building security frameworks across different programming languages and participating in design reviews. This role requires constant collaboration with other teams in engineering and with security stakeholders outside engineering.
- Define and drive Secure SDLC including training, security best practices, Security Architecture, Design/Code Reviews, Threat Modelling, Security Tools, Pen Testing, Incident Response.
- Research, prototype and integrate Security Tools into the CI/CD pipeline (Container Security, Static, Dynamic, Application Scanning, Third-party Vulnerability Scanning, etc.) with 100% coverage of all deployment/build pipelines.
- Build processes to review existing Databricks PaaS services, cloud infrastructure and code to ensure that 100% of production code gets a review (automated or manual)
- Be the engineering POC on compliance and collaborate with IT security, Product Management and Field to address various compliance requirements -- PCI, FedRAMP, HITRUST, HIPAA, etc.
- Build Security Frameworks (Authentication, Authorization, Crypto, Multi-Tenancy, Vulnerability Protection) across Java, Scala, Python.
- Ensure 100% of CVEs are monitored and assessed within 30 days for DB relevant vulns with a trackable SLA for closing the exposure.
- 2+ years of experience in Product Security, specifically reviewing Designs and Threat Modeling for cloud services.
- Designed and Implemented significant components and features in some of the following areas - Cryptography, PKI, Network Security, IAM and Threats/Anti Virus.
- In-depth experience identifying and protecting against web application and web service security vulnerabilities & threats and ways to mitigate them including those found in the OWASP Top 10 and CWE Top 25.
- 7+ years of development experience in multiple programming languages
- Successful Collaboration with other teams to improve product and service security
- Excellent communication skills that clearly articulate security content and risks
- Attitude of providing “value add” and simplifying developer life is critical
- Medical, dental, vision
- 401k Retirement Plan
- Unlimited Paid Time Off
- Catered lunch (every day), snacks, and drinks
- Gym reimbursement
- Employee referral bonus program
- Awesome coworkers
- Maternity and paternity plans
Databricks’ mission is to accelerate innovation for its customers by unifying Data Science, Engineering and Business. Founded by the original creators of Apache Spark™, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of business to build data products. Users achieve faster time-to-value with Databricks by creating analytic workflows that go from ETL and interactive exploration to production. The company also makes it easier for its users to focus on their data by providing a fully managed, scalable, and secure cloud infrastructure that reduces operational complexity and total cost of ownership. Databricks, venture-backed by Andreessen Horowitz, NEA and Battery Ventures, among others, has a global customer base that includes Viacom, Shell, and HP. For more information, visit www.databricks.com.
Apache, Apache Spark and Spark are trademarks of the Apache Software Foundation.