Senior Enterprise Security Engineer

Databricks
Summary
Join Databricks' growing team as a Sr. Enterprise Security Engineer, contributing to enterprise security projects and promoting best practices. You will play a critical role in ensuring the security of business systems and applications. Key responsibilities include conducting security design reviews, developing threat models, analyzing data flows, providing guidance on security policies, performing risk assessments, and improving security processes. The ideal candidate possesses strong expertise in enterprise application security, risk assessment, and secure architecture principles. This position requires a Bachelor's degree in Engineering or relevant experience and substantial experience as a Security Engineer with enterprise security experience.
Requirements
- Engineering Bachelor's Degree, or relevant experience
- Substantial demonstrated expertise as a Security Engineer with experience in Enterprise security
- Strong knowledge of threat modeling methodologies (e.g., STRIDE, DREAD, PASTA) and their application in real-world scenarios
- Significant experience with NIST 800-53 or similar frameworks
Responsibilities
- Conduct security design reviews for corporate applications and systems, identifying architectural weaknesses and security gaps
- Develop comprehensive threat models to assess attack vectors, vulnerabilities, and mitigations in our deployment and product interactions
- Analyze data flows to understand how sensitive data is stored, processed, and transmitted across applications and infrastructure
- Provide guidance on the implementation of Databricks security policies, standards, and frameworks aligned with industry best practices (e.g., NIST, ISO 27001, OWASP)
- Perform risk assessments and recommend appropriate mitigations to reduce the attack surface
- Continuously evaluate and improve security design review processes and tooling introducing automation where appropriate
Preferred Qualifications
- Experience with automating security reviews is desirable
- Expertise in offering perspective and guidance on an enterprise scale for public and internal services in a cloud-centric environment
- Skill and experience with Identity and Access Management (IAM) solutions such as Okta; Device Management solutions such as Jamf/Intune; tuning EDR (Crowdstrike/SentinelOne/similar) with complex engineering/development workloads; and Just In Time administrative access is desirable
- Familiarity with network access solutions (CASBs/Prisma/NAC) is advantageous
- A passion for working in high-growth environments
Benefits
At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https://www.mybenefitsnow.com/databricks