Senior Security Engineer, Red Team

RDQ326R18

The Red Team is committed to proactively identifying and mitigating security threats across our infrastructure applications and cloud environments. Through rigorous offensive security assessments adversarial testing and vulnerability research we aim to uncover and address weaknesses before they can be exploited by real-world attackers. By simulating real-world attack scenarios we help enhance our security posture ensuring resilience against emerging threats and fostering a culture of security awareness throughout the organization.

The Impact You Will Have:

You will be a key member of the Red Team at Databricks conducting security assessments developing novel attack techniques and working across teams to improve our defensive capabilities. Your work will involve:

• Conducting Red Team operations on cloud environments infrastructure and applications to identify and exploit security weaknesses in both development and production environments.
• Developing and refining tools exploits and automation to simulate real-world adversarial techniques against enterprise security controls.
• Performing vulnerability research and exploit development including discovering zero-days bypassing security controls and creating proof-of-concept exploits.
• Assessing cloud security risks across AWS Azure and GCP environments including IAM misconfigurations container security and lateral movement strategies.
• Collaborating with internal security and engineering teams to provide remediation guidance enhance security monitoring and improve detection and response capabilities.
• Researching emerging threats in cloud security web applications and infrastructure sharing findings internally and contributing to the broader security community.
• Performing security design reviews to ensure new products and infrastructure components are built with security best practices from inception.

What We Look For:

The ideal candidate will have a strong background in offensive security cloud security and vulnerability research.

• Expertise in Red Teaming penetration testing and adversary simulation techniques.
• Deep knowledge of cloud security (AWS Azure GCP) including IAM networking containers orchestration (kubernetes) and serverless architectures.
• Strong programming skills in Python C/C or Go for exploit development automation and tool creation.
• Experience developing and weaponizing exploits for vulnerabilities in cloud environments applications and infrastructure.
• Strong understanding of modern attack techniques including phishing persistence mechanisms privilege escalation and lateral movement.
• Knowledge of security tooling (e.g. C2 frameworks EDR evasion malware development fuzzing and reverse engineering).
• Excellent problem-solving skills and the ability to think like an adversary.
• Strong communication skills with the ability to document findings clearly and present them to technical and non-technical audiences.
• Typically 4 years of experience in offensive security vulnerability research or Red Teaming or an advanced degree (MS/PhD) with 3 years of experience in the security domain.
• BS or higher in Computer Science Cybersecurity or a related field.

If youre passionate about offensive security and enjoy breaking things to make them better wed love to hear from you!

Required Experience:

Senior IC