Sr. Staff Product Security Engineer
- Databricks
- 10 - 15 years
- Bengaluru
- 1 month ago
- Email to a friend
- Report this job
Job Description
RDQ226R536
About the Team The Product Security Team at Databricks is responsible for embedding security throughout the Software Development Lifecycle (SDLC). Our mission is to left-shift security ensuring that all code, whether powering customer-facing features or supporting internal infrastructure, is developed with security in mind from the start. By reducing the likelihood of introducing vulnerabilities and minimizing the impact of externally reported issues, we safeguard Databricks products and services at scale.
Role Overview As a Product Security Engineer , you will play a key role in securing the features and infrastructure that power Databricks. You will partner closely with engineering teams across the organization to design secure systems, conduct security reviews, and enable scalable, repeatable secure development practices through automation, paved pathways, and guardrails.
You ll support the full spectrum of security within the SDLC from architecture and threat modeling through secure coding, pentesting, and deployment. In addition, you will contribute to incident and vulnerability response efforts and help scale our security influence through tools, frameworks, and processes that support both engineers and compliance needs.
Responsibilities - Partner with product and engineering teams to design secure systems , identify risks early, and guide the development of robust solutions
- Conduct comprehensive security reviews including threat modeling, design analysis, manual code reviews, and exploit development to validate potential weaknesses
- Design and build guardrails that prevent common security mistakes and ensure consistent, enforceable policies across services
- Develop and maintain paved pathways secure-by-default development patterns, frameworks, and tools that enable engineering teams to build securely without friction
- Triage and analyze findings from Static Application Security Testing (SAST) tools, distinguishing false positives from genuine issues and performing variant analysis to identify similar vulnerabilities across the codebase.
- Operate and evolve Dynamic Application Security Testing (DAST) tooling and automation to support vulnerability detection and defect tracking
- Support incident response (IR) and vulnerability response (VRP) workflows as needed, partnering with internal teams to investigate and remediate security events
- Enhance internal security automation frameworks and integrations to meet evolving compliance and regulatory requirements (e.g., FedRAMP, PCI, HIPAA)
- Contribute to the continuous improvement of SDLC-integrated security processes, with a focus on risk-based prioritization, real-world impact, and the implementation of AI-assisted tooling to enhance efficiency, accuracy, and scalability.
What we look for
- 10+ years of experience in product or application security, with deep expertise in securing large-scale, distributed systems
- Extensive experience influencing architectural decisions, embedding security-by-design principles, and aligning security goals with business objectives
- Proven leadership in cross-functional initiatives, including incident response, security reviews, and risk management at scale
- Recognized mentor and technical leader, enabling the growth of security-minded culture through coaching, training, and collaboration
- Thought leader in emerging security technologies and practices, including the integration of AI/ML to scale security operations and tooling
- Expertise in at least two of the following domains:
- Ability to read code and identify security defects in two or more programming languages (e.g., Python, Java, Scala, JavaScript )
- Hands-on experience with exploit development , proof-of-concept creation, or exploit chaining
- Strong automation skills for building security tools and processes using AI-agents (think Cursor, Goose, VSCode, etc)
- Familiarity with fuzzing techniques is a plus
- Pragmatic approach to security prioritizing risk management over theoretical severity
- Other good to have credentials
About Databricks
Databricks is the data and AI company. More than 10,000 organizations worldwide including Comcast, Cond Nast, Grammarly, and over 50% of the Fortune 500 rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark , Delta Lake and MLflow. To learn more, follow Databricks on Twitter , LinkedIn and Facebook . Benefits At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https: / / www.mybenefitsnow.com / databricks .
Our Commitment to Diversity and Inclusion
.
Compliance
If access to export-controlled technology or source code is required for performance of job duties, it is within Employers discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.
Job Classification
Industry: IT Services & ConsultingFunctional Area / Department: Engineering - Software & QARole Category: Quality Assurance and TestingRole: Blockchain Quality Assurance EngineerEmployement Type: Full timeContact Details:
Company: DatabricksLocation(s): Bengaluru+ View Contact
Keyskills: SAN Automation Coding HIPAA Javascript Application security Risk management Distribution system SDLC Python
Fraud Alert to job seekers!
₹ Not Disclosed
Similar positions
Databricks
Databricks?? mission is to accelerate innovation for its customers by unifying Data Science, Engineering and Business. Founded by the original creators of Apache Spark??, Databricks provides a Unified Analytics Platform for data science teams to collaborate with data engineering and lines of busi...
Job Listings
We are in open beta version of website, please let us know if any issues, at: info(at)indigojobs.in