Sr Manager, Product Security
The Product Security Team's mission is to Left-shift SDLC (Security Development Lifecycle) processes for ALL code written in Databricks (for Customer Use or Supporting Customer internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.
You will be the first leader on the Product Security team at Databricks India, managing SDLC functions for features and products within Databricks. This would include security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will be a Security Site lead supporting other Security Team members in the APAC region.
The position reports to the Head of Product Security and would be directly responsible for all the Product Security related functions as directly assigned to the team in India. In parallel, the role would be responsible for providing a site leadership to other members of the security organization based in India. While the task and assignments will come from the respective team leaders, this role would have a dotted line reporting from these employees. This role requires the individual to be based in Bengaluru.
The impact you will have:
- Scale the Security org at Databricks India by building an outstanding team , by hiring strong security engineers
- Support security engineers in their career development by providing clear feedback and developing security leaders.
- Ensure high technical standards by instituting processes (security development lifecycle, exploit development, automation, etc) and culture (engineering excellence).
- Work with engineering and product leadership to build a partnership and guide development decisions with bias for security.
- Coordinate execution and collaborate across teams to unblock cross-cutting projects.
What we look for:
- 12+ years of industry experience in the Security domain
- 6+ years of managerial experience, alongside experience in hiring and developing especially senior technical talent in the Security space.
- Solid understanding of product security fundamentals with expertise on Threat Modeling, and a working knowledge of exploit writing.
- Focused on defining and driving efficiencies and improvements within their team
- Strong understanding on two or more of the following domains - Web Security, Cloud Security, Applied Crypto or System Security.
- You will make effective priority decisions on resourcing and alignment within their team
- You define and achieve targets (e.g. OKRs, KPIs) of the team
- Demonstrate leverage by executing through other leaders
- Team player that will work with other departments (Eng, IT, PM, Sales, CS)
- Benefits allowance
- Employee's Provident Fund
- Equity awards
- Gym reimbursement
- Annual personal development fund
- Work headphones reimbursement
- Business travel insurance
- Paid Parental Leave
Databricks is the data and AI company. More than 10,000 organizations worldwide — including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark™, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.
Our Commitment to Diversity and Inclusion
At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics.
If access to export-controlled technology or source code is required for performance of job duties, it is within Employer's discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.