Databricks is seeking a Product Security Engineer to join their team in a fully remote role across the United States. As part of the Product Security Team, you'll be instrumental in implementing and managing Security Development Lifecycle (SDLC) processes for all Databricks code. The role combines technical security expertise with practical risk management, focusing on preventing vulnerabilities in production systems.
The position involves conducting security design reviews, threat modeling, manual code reviews, and creating exploit chains. You'll work with a global team across the US and EMEA, supporting both engineering and non-engineering teams in securing product features. Key responsibilities include working with SAST and DAST tools, maintaining automation frameworks, and supporting incident response and vulnerability management programs.
Databricks offers a competitive compensation package with base salary ranging from $100,900 to $193,300 USD, depending on location zone. The company serves over 10,000 organizations worldwide, including major enterprises like Comcast, Condé Nast, and Grammarly, with a focus on unifying data, analytics, and AI.
The ideal candidate should have 2-4 years of experience in threat modeling, a strong understanding of web security, cloud security, or applied cryptography, and proficiency in programming languages like Python, Java, Scala, or JavaScript. Skills in exploit writing, fuzzing, and security automation are highly valued.
This role offers an opportunity to impact product security at scale while working with cutting-edge technology in a rapidly growing company. The position combines hands-on technical work with strategic security planning, making it ideal for security professionals who want to shape security practices in a dynamic environment.