Staff Security Engineer - Product Security

Databricks San Francisco , CA 94118

Posted 3 weeks ago

Mission

We are seeking a Staff Security Engineer, who is a senior hands-on developer and will be responsible for driving Security Architecture and shaping Security strategy of the engineering organization. In this role, you will report to the Head of Product Security & Infrastructure, with visibility to our executive leadership team as well as our customers. In this role you will drive the technical charter of the Security Engineering team. This involves being an integral component in hiring and mentoring other team members, defining security integration into SDLC and researching/implementing/extending the necessary security tools, providing security best practices, reviewing existing services and infrastructure, building security frameworks across different programming languages and participating in design and architecture reviews, and implementing security features.

Outcomes

  • Define and drive Secure SDLC including training, security best practices, Security Architecture, Design/Code Reviews, Threat Modeling, Security Tools, Pen Testing, Incident Response.

  • Perform security review of existing Databricks PaaS services, cloud infrastructure and establish processes to ensure that all production code gets a review.

  • Build Security Frameworks (Authentication, Authorization, Crypto, Multi-Tenancy, Vulnerability Protection) across Java, Scala, Python.

Competencies

  • 10+ years of software development experience in multiple programming languages

  • Proven track record of successful collaboration with cross functional teams to improve product and service security.

  • Excellent communication skills and strong ability to clearly articulate security content and risks, and mitigation.

  • 5+ years of experience in Product Security, specifically reviewing Designs and Threat Modeling for cloud services.

  • Experience identifying and protecting against web application and web service security vulnerabilities & threats and ways to mitigate them, including those found in the OWASP Top 10 and CWE Top 25.

Benefits

  • Medical, dental, vision

  • 401k Retirement Plan

  • Unlimited Paid Time Off

  • Catered lunch (everyday), snacks, and drinks

  • Gym reimbursement

  • Employee referral bonus program

  • Awesome coworkers

  • Maternity and paternity plans

About Databricks

Databricks' mission is to accelerate innovation for its customers by unifying Data Science, Engineering and Business. Founded by the original creators of Apache Spark, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of business to build data products. Users achieve faster time-to-value with Databricks by creating analytic workflows that go from ETL and interactive exploration to production. The company also makes it easier for its users to focus on their data by providing a fully managed, scalable, and secure cloud infrastructure that reduces operational complexity and total cost of ownership. Databricks, venture-backed by Andreessen Horowitz, NEA and Battery Ventures, among others, has a global customer base that includes Salesforce, Viacom, Shell, and HP. For more information, visit www.databricks.com.

Apache, Apache Spark and Spark are trademarks of the Apache Software Foundation.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Staff Product Security Engineer

Zendesk

Posted 1 week ago

VIEW JOBS 3/28/2020 12:00:00 AM 2020-06-26T00:00 Job Description Are you passionate about application security and want to drive security into products across an entire platform of products? Do you enjoy the challenge of designing creative solutions to tough problems? Are you excited about securing the newest technology including the public cloud, containerization and GraphQL? Can you thrive in a dynamic team where our 150k+ customers count on us for protecting their data? If so, you might be a perfect fit for Zendesk's Product Security Team! At Zendesk, we believe that security is everyone's responsibility and that security decisions should be simple. When our customers or employees face options, we strive to make the secure option the easiest way of achieving their goals. Our Product Security team develops processes and builds tools that allow our Engineering team to make the right, secure decisions for our customers. We partner with our engineers to prioritize security during the entire software development process and provide tools and programs to do so including, but not limited to, a mature bug bounty program, Security Champions program, security reviews, static/dynamic testing tooling and vulnerability management. Our awesome team Our team is globally distributed with team members from different cultures and backgrounds. This gives us a diversity of opinions and experience, enabling us to see problems from many different perspectives and design the best solutions to tough problems. Our Product Security team members are always learning and growing their capabilities and skill sets. Your manager Your manager, Scott, empowers team members by supporting them when they need help and striving to coach rather than command. The goal is to always be growing and to do that you will continuously face new challenges and take on new opportunities to learn. Scott enjoys gardening, home brewing and video games, but would really like to hear what you are passionate about - aside from application security, of course! What you'll do as a Staff Product Security Engineer * Be the global lead of the Security Engagement program to guide engineers through the threat modeling process and scale our program around the world. * Guide and inspire developers across Zendesk to build security into their products and features from the very beginning. * Tackle projects to build out new capabilities to increase the scope and effectiveness of our team through process improvement and automation. * Mentor junior staff on security fundamentals, risk management and vulnerabilities. * Share in the execution of our Security Champions program to nurture a security culture and to help our engineers improve their security posture. * Assist in the vulnerability management process including triaging identified vulnerabilities and tracking them through the vulnerability lifecycle. * Be the voice of Zendesk Security while responding to customer security questions and issues. * Support incident response efforts as needed and work with teammates to investigate them. What you need to succeed * At least 5 years of application security experience, plus experience mentoring junior staff. * Knowledge of modern web applications, frameworks and technologies - including their security threats and vulnerabilities. * An understanding of the threat modeling process and how to efficiently scale this with automation and taking a risk based approach to prioritize resource utilization. * Ability to design creative solutions to problems. * Outstanding verbal and written communication skills. * Programming experience (Ruby, Python, Scala, Golang, Node.js, Ember.js, or React is a plus) - please send us your GitHub/Bitbucket account or any other examples of projects, if available. * Experience securing large Amazon Web Service deployments. * Penetration testing experience/ability to verify common web vulnerabilities. * Ability to work on multiple projects/tasks at once - balancing and prioritizing work appropriately. * Experience with agile development processes, working in a fast-paced environment with continuous integration. * Bachelor's degree in Computer Science or other relevant focus of study. * Security certifications are a plus such as OSCP, GWEB, GPEN, GWAPT, CEH, CISSP, GSEC, etc Zendesk builds software for better customer relationships. It empowers organizations to improve customer engagement and better understand their customers. Zendesk products are easy to use and implement. They give organizations the flexibility to move quickly, focus on innovation, and scale with their growth. More than 150,000 paid customer accounts in over 150 countries and territories use Zendesk products. Based in San Francisco, Zendesk has operations in the United States, Europe, Asia, Australia, and South America. Interested in knowing what we do in the community? Check out the Zendesk Neighbor Foundation to learn more about how we engage with, and provide support to, our local communities. Zendesk is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Zendesk are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. By submitting your application, you agree that Zendesk may collect your personal data for recruiting, global organization planning, and related purposes. Zendesk's Candidate Privacy Notice explains what personal information Zendesk may process, where Zendesk may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Zendesk's use of your personal information. Zendesk San Francisco CA

Staff Security Engineer - Product Security

Databricks