Golang Job: Senior Security Engineer - Red Team

Job added on

Company

Databricks
United Kingdom

Location

Remote Position
(From Everywhere/No Office Location)

Job type

Full-Time

Golang Job Details

While candidates in the listed locations are encouraged for this role, we are open to remote candidates in other locations.

The Cyber Offense Program encompasses the red team, penetration testing, and vulnerability research. Our job is to identify important vulnerabilities and demonstrate their real-world impact through scenario-based operations we conduct against the company. Our goal is to promote change and improve the security posture of Databricks to protect our employees and customers.

You will have an important position within the team, focused on Offensive Operations, and will be responsible for contributing to the team strategy and for planning and delivering red and purple team exercises for Databricks. You will be pivotal to the success of these capabilities, which demands technical and operational experience throughout all work.

The impact you will have:

As part of this team, you will:

  • Implement red team operations using real world adversarial tactics and techniques to validate a production service's ability to detect, investigate, and respond.
  • Advocate for security change across the company by building partnerships and communicating the impact of risks
  • Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery
  • Write detailed reports covering the goals and outcomes of Red Team operations, including observations
  • Collaborate with blue teams to improve readiness and run purple team operations
  • Research new threats to improve red teaming efficacy and accuracy, and stay relevant.

What we look for:

  • Identify vulnerabilities and develop exploits against them
  • Explain vulnerability impact and root cause
  • Knowledge of cloud-based vulnerabilities and common pitfalls
  • Programming languages and development tools such as: x86/x64/ARM, C/C++, Java, Golang, and Python
  • 5+ years experience with Adversary Emulation (Cybersecurity incident handling, Advanced Persistent Threats, social engineering tactics, defensive tools and platforms, MITRE ATT&CK/D3FEND, vulnerability tracking and remediation, etc.)
  • 5+ years of experience with Endpoint Detection and Response (EDR) evasion, email sandbox evasion, network egress control evasion
  • Experience working in Linux, macOS, and cloud-based environments
  • An adversarial mindset
  • Communicate well and collaborate across disparate teams and timezones

Benefits

  • Health insurance reimbursement and collective healthcare scheme
  • Life, accident and disability coverage
  • Company pension
  • Paid parental leave
  • Annual vacation bonus
  • Equity awards
  • Gym reimbursement
  • Annual personal development fund
  • Work headphones reimbursement
  • Business travel accident insurance
  • Mental wellness resources

About Databricks

Databricks is the lakehouse company. More than 7,000 organizations worldwide — including Comcast, Condé Nast, H&M and over 50% of the Fortune 500 — rely on the Databricks Lakehouse Platform to unify their data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe. Founded by the original creators of Apache Spark™, Delta Lake and MLflow, Databricks is on a mission to help data teams solve the world’s toughest problems.