Product Security Engineer

Databricksposted 1 day ago
$100,900 - $193,300/Yr
Resume Match Score
Upload and Match ResumeTrack Jobs with Teal

About the position

This role can be based remotely anywhere in the United States. The Product Security Team's mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services. You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team, spread across various locations in the US and EMEA.

Responsibilities

  • Full SDLC Support for new product features being developed in ENG and non-ENG teams.
  • Conduct Threat Modeling, Design Review, Manual Code Review, and Exploit writing.
  • Work with other security teams to provide support for Incident Response and Vulnerability Response.
  • Evaluate and identify false positives from SAST tools and file defects for real issues.
  • Work on DAST tools and related automation for auto-assessment and defect filing.
  • Maintain the automation framework and add new features to support different security compliances.
  • Prioritize security from a risk management perspective.
  • Help develop and implement security processes to improve the overall productivity of the product security organization.

Requirements

  • 2-4 years Experience with the Threat Modeling process.
  • Understanding of at least two of the following domains: Web Security, Cloud Security, Systems Security, and Applied Cryptography.
  • Proficient with one or more programming languages (Python/Java/Scala/JavaScript) and ability to read code to identify security defects.
  • Skilled in scripting and automation on exploits.
  • Exploit writing skills are a positive and greatly required.

Nice-to-haves

  • Fuzzing skills.

Benefits

  • Comprehensive benefits and perks that meet the needs of all employees.
  • Eligibility for annual performance bonus.
  • Equity options.
Build your resume with AI

A Smarter and Faster Way to Build Your Resume

Go to AI Resume Builder

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service