Senior Security Engineer, Red Team

Summary

Join Databricks' Red Team as a key member, conducting security assessments and developing attack techniques to enhance defensive capabilities. You will perform Red Team operations on cloud environments, develop tools and exploits, and research vulnerabilities. Responsibilities include assessing cloud security risks across AWS, Azure, and GCP, collaborating with internal teams, and researching emerging threats. The ideal candidate possesses a strong background in offensive security, cloud security, and vulnerability research, along with expertise in Red Teaming and penetration testing. This role offers a competitive salary and benefits package, and can be based remotely anywhere in the United States.

Requirements

• Expertise in Red Teaming, penetration testing, and adversary simulation techniques
• Deep knowledge of cloud security (AWS, Azure, GCP), including IAM, networking, containers, orchestration (kubernetes) and serverless architectures
• Strong programming skills in Python, C/C++, or Go for exploit development, automation, and tool creation
• Experience developing and weaponizing exploits for vulnerabilities in cloud environments, applications, and infrastructure
• Strong understanding of modern attack techniques, including phishing, persistence mechanisms, privilege escalation, and lateral movement
• Knowledge of security tooling (e.g., C2 frameworks, EDR evasion, malware development, fuzzing, and reverse engineering)
• Excellent problem-solving skills and the ability to think like an adversary
• Strong communication skills , with the ability to document findings clearly and present them to technical and non-technical audiences
• Typically 4+ years of experience in offensive security , vulnerability research, or Red Teaming, or an advanced degree (MS/PhD) with 3+ years of experience in the security domain
• BS or higher in Computer Science, Cybersecurity, or a related field

Responsibilities

• Conduct Red Team operations on cloud environments, infrastructure, and applications to identify and exploit security weaknesses in both development and production environments
• Develop and refine tools, exploits, and automation to simulate real-world adversarial techniques against enterprise security controls
• Perform vulnerability research and exploit development, including discovering zero-days, bypassing security controls, and creating proof-of-concept exploits
• Assess cloud security risks across AWS, Azure, and GCP environments, including IAM misconfigurations, container security, and lateral movement strategies
• Collaborate with internal security and engineering teams to provide remediation guidance, enhance security monitoring, and improve detection and response capabilities
• Research emerging threats in cloud security, web applications, and infrastructure, sharing findings internally and contributing to the broader security community
• Perform security design reviews to ensure new products and infrastructure components are built with security best practices from inception

Benefits

• Annual performance bonus
• Equity