National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Staff Product Security Engineer

Databricks
Greater London
2 weeks ago
Create job alert

RDQ226R474

The Product Security Team's mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.


You will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. You will work with a global team, spread across various locations in the US and EMEA.


The impact you will have:

Full SDLC Support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc.


Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed.
Work with the results of SAST tools to help evaluate and identify false positives and file defects for real issues.
Work on DAST tools and related automation for auto-assessment and defect filing.
Maintain the automation framework and add new features as needed to support different security compliances that Databricks may want to get into – FedRamp, PCI, HIPPA, etc.
Prioritize security from a risk management perspective, rather than an absolute textbook version.
Help develop and implement security processes to improve the overall productivity of the product security organization and the SDLC process in general

What we look for:

5-10 years Experience with the Threat Modeling process and ability to find design problems based on a block diagram of data flow.


Solid understanding on at least two of the following domains - Web Security, Cloud Security, Systems Security and Applied Cryptography.
Proficient with one or more of Programming languages ( Python/Java/Scala/JavaScript) and ability to read code to identify security defects.
Strong skills on scripting and automation on exploits
Fuzzing skills are good to have.
Exploit writing skills is a positive and greatly required.

Related Jobs

View all jobs

Staff Product Security Engineer

Staff Security Engineer, Field Assurance

IT Security Engineer - Global Software company

Senior Security Engineer, Detection and Response

Principal Security Engineer (Risk Specialist)

Senior Information Security Consultant

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.

Jobs

Cyber Security Jobs Salary Calculator 2025: Check Your Market Value in Seconds

Why yesterday’s pay survey no longer protects you. “Could I earn more at a managed SOC?” “Is that fintech’s offer really competitive?” Every UK cyber‑security professional asks some version of those questions—usually after another colleague lands a pay rise, a recruiter sends a tempting JD, or a fresh breach makes headline news. Yet salary guides published even last year feel as out‑of‑date as a forgotten antivirus signature. Since 2024, ransomware gangs switched to double‑extortion, deepfake phishing exploded, & the EU’s NIS2/DORA regulations bled into UK contracts despite Brexit. With each shift, salary bands move. To cut through stale averages, CybersecurityJobs.tech distilled a three‑factor formula that lets you estimate a realistic 2025 salary in under a minute. Feed in your role, your UK region, & your seniority level. The output arms you with data‑driven leverage for your next appraisal, job application, or freelance rate card. This article explains the formula, reveals the forces pushing cyber pay ever higher, & outlines five practical moves to boost your market value within ninety days.

Careers

How to Present Cyber Security Solutions to Non-Technical Audiences: A Public Speaking Guide for Job Seekers

Cyber security is no longer just an IT issue—it’s a board-level priority. Whether you’re applying for a role in penetration testing, security operations, risk management, or compliance, your ability to clearly explain cyber threats and solutions to non-technical stakeholders is vital. This guide will help cyber security job seekers develop one of the most in-demand soft skills in the industry: public speaking. You’ll learn how to simplify complex concepts, structure effective presentations, use storytelling and analogies, and handle common stakeholder questions with confidence.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.