Senior Security Engineer, Incident Response

RDQ326R15

The Incident Response team's mission is to respond to security threats, incidents and investigations to protect our customers, employees and enterprise data in a fast, efficient and standardised manner. We're a tight-knit team of security incident responders and incident handlers doing "Security for Databricks on Databricks", using our own platform to create near-real-time log analytics, alerting and forensics.

You will be an individual contributor on the security Incident Response (IR) team at Databricks, reporting to the Head of Incident Response. You will be responsible for leading incidents, investigations and security initiatives from postmortems. You will be a security multiplier and help the team scale security incident response at Databricks.

• 
  
• You will identify problems with ambiguous requirements (lack of clarity, inconsistencies, technical limitations) for their work, and communicate these issues early to help course-correct.
  
• You will communicate technical decisions through design docs, tech talks and mentor junior security responders via security guidance, design reviews and code reviews.
  
• You will triage and respond to security events and alerts by understanding existing logs, correlating from multiple sources during an investigation.
  
• Respond to new incidents as part of a distributed 24x7 operations and oncall schedule.
  
• You will build automation to improve security incident response and alerts triage.
  

• 
  
• Bachelor's Degree AND 4+ years experience in Incident Response work OR Master's Degree AND 2+ years experience.
  
• Cloud Security Essentials in at least one of AWS, GCP or Azure. Working knowledge of GCP and Azure.
  
• Broad Security subject matter expertise.
  
• Expertise in a few core IR skills (DFIR, Reverse Engineering, Traditional Network Security, Storage and access security, Sandboxing, Compute security, etc).
  
• Experience with Enterprise Security and SaaS applications.
  
• Working knowledge of a SIEM and SOAR.
  
• Have experience building Incident Response Tooling and scripting language skills.
  

At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit Commitment to Diversity and Inclusion

At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics. xcfaprz

If access to export-controlled technology or source code is required for performance of job duties, it is within Employer's discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.