Databricks is seeking an exceptional and strategic Sr. Staff Security Engineer, Incident Response to join our Incident Response team. This pivotal role makes decisions that have a direct impact on the long-term success of Databricks' security posture, creating solutions that open up future opportunities where no known path yet exists.
Responsibilities:
- Drive or influence the organization’s direction and roadmap, leading internal conversations about major technology areas and inspiring adoption
- Provide decisions with direct, long-term impact on Databricks' success
- Lead complex investigations and impact analysis, performing crisis management using the Incident Management System (IMS)
- Engage with various stakeholders and communicate findings to executive leadership, ensuring successful navigation of major security incidents with minimal business impact
- Exhibit expert knowledge in all cloud vendors used by Databricks (AWS, Azure, GCP), deeply understanding the entire architecture of major business components and articulating their security and risk limits
- Drive the establishment of a cutting-edge threat detection and response program, significantly reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to security incidents
- Architect scalable and organized frameworks for security automation and orchestration, including pre-investigation analysis and triage of alerts
- Understand trends and directions of the security industry within your domain and architect large-scale designs consistent with organizational and company goals
- Demonstrate the ability to fix difficult and company-impactful problems wherever they lie, even if outside your comfort zone
- Possess a full understanding of what malicious activity looks like in each cloud layer (network, storage, compute), understanding existing logs and correlating from multiple sources during an investigation
- Serve as a role model and mentor to every technical member of the team
- Identify areas where Databricks can share effectively with the outside world, guiding content creation and communication via presentations and blogs
- Work across departments, integrating security practices into various aspects of the organization and product development lifecycle
Requirements:
- Typically 12+ years of experience in security, with a strong focus on incident response, detection, and/or threat intelligence, or an advanced degree with 8+ years of experience
- Deep expertise in Incident Management and Incident Response tool development
- Demonstrated knowledge of Azure and AWS cloud concepts
- Expertise in analyzing logs, correlating available log sources to conclude an attack scenario, and identifying logging gaps to suggest best configurations for IR needs
- Ability to function as an architect of cloud deployment and map cloud environment fundamentals to other major providers
- Highly skilled in multiple areas of digital forensics (e.g., Network, Application/Log Analysis, Host/Disk, Memory Forensics/Malware Analysis, Cloud Forensics, Endpoint Forensics)
- Ability to speak confidently on advanced concepts like virtualized networking, advanced network anomalies, and container forensics
- Detailed understanding of enterprise security incidents and in-depth knowledge of malware on endpoints
- Expert understanding of macOS security posture and architecture
- Proficient with SIEM and SOAR platforms, EDR solutions, and forensic analysis tools
- Skilled in leveraging AI and automation technologies to enhance security operations and threat detection capabilities
- Exceptional ability to engage in difficult conversations, handle them appropriately, and exhibit empathy and emotional intelligence
- Proven capability to build, mentor, and lead high-performing cybersecurity teams, fostering a culture of excellence and continuous improvement
- Strong communication of technical decisions through design docs and tech talks
- A history of proactively identifying and solving issues that impact the team and company
- Demonstrated strong desire to help peers and collaborate effectively
- Able to push back or say no to unreasonable stakeholder requests in a professional and constructive manner
- U.S. citizenship is required