Sr. Staff Security Engineer, Incident Response

Databricks


Job Location: San Francisco, CA - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

RDQ127R264

This role is open to remote candidates within the U.S. with a preference for those based in the San Francisco/ Bay Area or Seattle/Bellevue. U.S. citizenship is required.

Databricks is seeking an exceptional and strategic Sr. Staff Security Engineer, Incident Response to join our Incident Response team. This pivotal role will make decisions that have a direct impact on the long-term success of Databricks' security posture, creating solutions that enable potential future opportunities without a known path. You will play a key role in developing a multi-year technology strategy for complete and critical areas of the business encompassing multiple systems and teams, consistently delivering large-scale projects that meet company goals.

The Incident Response team's mission is to respond rapidly, efficiently and in a standardized way to security threats, incidents and investigations in order to protect our customers, employees and enterprise data. We leverage Databricks' own platform for near-real-time log analytics, alerting and forensics, embracing a "Security for Databricks on Databricks" philosophy. As a Sr. Staff Security Engineer you will tackle the most technical SIRTs, drive complex, open-ended problems with no obvious path to success, and act as a multiplier by enabling systems, authoring tools or introducing policies that elevate the entire organization's productivity.

The impact you will have:

  • Strategic Impact & Technical Vision: Drive or influence the organization's direction and roadmap, leading internal conversations about major technology areas and inspiring adoption. Make decisions with direct, long-term impact on Databricks' success.
  • Incident Leadership & Crisis Management: Lead complex investigations and impact analysis, performing crisis management using the Incident Management System (IMS). Engage with various stakeholders and communicate findings to executive leadership, ensuring successful navigation of major security incidents with minimal business impact.
  • Advanced Threat Management: Exhibit expert knowledge of all cloud vendors used by Databricks (AWS, Azure, GCP), deeply understanding the entire architecture of major business components and articulating their security and risk limits. Drive the establishment of a cutting-edge threat detection and response program, significantly reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) for security incidents.
  • Technical Innovation & Automation: Architect scalable and organized frameworks for security automation and orchestration, including pre-investigation analysis and triage of alerts. Understand trends and directions of the security industry within your domain and architect large-scale designs consistent with organizational and company goals.
  • Problem Solving: Demonstrate the ability to fix difficult and company-impactful problems wherever they lie, even if outside your comfort zone. Possess a full understanding of what malicious activity looks like in each cloud layer (network, storage, compute), understanding existing logs and correlating from multiple sources during an investigation.
  • Cross-Functional Collaboration & Mentorship: Serve as a role model and mentor to every technical member of the team. Identify areas where Databricks can share effectively with the outside world, guiding content creation and communication via presentations and blogs. Work across departments, integrating security practices into various aspects of the organization and the product development lifecycle.

What we look for:

  • Experience: Typically 12 years of experience in security with a strong focus on incident response, detection and/or threat intelligence, or an advanced degree with 8 years of experience. This includes deep expertise in Incident Management and Incident Response tool development.
  • Cloud Security Expertise: Demonstrates knowledge of Azure and AWS cloud concepts, showing expertise in analyzing logs, correlating available log sources to reconstruct an attack scenario, and identifying logging gaps to suggest the best configurations for IR needs. You can function as an architect of cloud deployments and map cloud environment fundamentals to other major providers.
  • Digital Forensics: Highly skilled in multiple areas of digital forensics (e.g. Network, Application/Log Analysis, Host/Disk, Memory Forensics/Malware Analysis, Cloud Forensics, Endpoint Forensics), able to speak confidently on advanced concepts like virtualized networking, advanced network anomalies and container forensics.
  • Enterprise Security: Has a detailed understanding of enterprise security incidents and in-depth knowledge of malware on endpoints. Possesses expert understanding of macOS security posture and architecture.
  • Technical Depth: Proficient with SIEM and SOAR platforms, EDR solutions and forensic analysis tools. Skilled in leveraging AI and automation technologies to enhance security operations and threat detection capabilities.
  • Leadership & Communication: Exceptional ability to engage in difficult conversations, handle them appropriately, and exhibit empathy and emotional intelligence. Proven capability to build, mentor and lead high-performing cybersecurity teams, fostering a culture of excellence and continuous improvement. Strong communication of technical decisions through design docs and tech talks.
  • Bias for Action & Collaboration: A history of proactively identifying and solving issues that impact the team and company. Demonstrates a strong desire to help peers and collaborate effectively.
  • Customer/Stakeholder Obsessed: Able to push back or say no to unreasonable stakeholder requests in a professional and constructive manner.

U.S. Citizenship Requirement

This role will involve services that are covered by, and must comply with, U.S. Government information security and federal contractor regulations, including without limitation the Department of Defense Cloud Computing Security Requirements for Impact Level 6 Cloud Service Provider personnel, the FedRAMP High baseline, and the requirements of certain federal contracts. Therefore this role is open to United States citizens on United States soil only.


Required Experience:

Staff IC



About Company


The Databricks Platform is the world’s first data intelligence platform powered by generative AI. Infuse AI into every facet of your business.
