RDQ324R163

Location: United States; open to remote or hybrid. This role is subject to FedRAMP requirements.

The Incident Response team’s mission is to respond to security threats, incidents and investigations to protect our customers, employees and enterprise data in a fast, efficient and standardized manner. We’re a tight-knit team of security analysts and incident responders located globally doing "Security for Databricks on Databricks", using our own platform to create near-real-time log analytics, alerting and forensics.

We’re looking for a talented Security Engineering Manager who can bring their domain expertise and experience in managing a team of incident responders, lead complex investigation and impact analysis, develop new forensic capabilities and tools,  improve security operations efficiency through automation with SIEM and SOAR platforms.The position reports to Sr Mgr, Incident Response and it may include up to 50% of technical hands-on work as needed. 

The ideal candidate is someone who can lead the team during investigations well even under pressure, engage with various stakeholders, communicate findings and investigations results to leadership, proactively build large scale projects for automation &  improvements for faster incident response and provide timely and actionable feedback to their team to continue raising the bar for Security at Databricks.

• The impact you will have: 
• Grow and develop the team reflecting the culture of Databricks culture principles as applied to their team, including in difficult situations. This also includes, but is not limited to, performance management and timely and actionable feedback, with minimal attrition.
• Timely achieve IR targets (OKRs, KPIs and  initiatives) that improve our capabilities to respond and remediate security events faster. This will also require making effective priority decisions on resourcing and alignment within the team.
• Maintain strong partnership with Detection & Response leadership and other teams in Security Org and Databricks (e.g.Engineering and IT) 
• Review and architect scalable and organized frameworks for security automation and orchestration and pre-investigation analysis and triage of alerts from various sources like detection pipelines, exploitable vulnerabilities and reports.
• Perform crisis management using the Incident Management System (IMS). You will  lead investigations, engage with various stakeholders as necessary and communicate investigations to leadership and drive towards incident resolution.
• Respond rapidly to new incidents as part of a distributed daytime operations and on-call schedule.

What we look for:

• 7+ years of Security experience overall with a broad knowledge across the Security domain, demonstrating strong understanding of cybersecurity principles, technologies, and attack vectors, especially in Cloud Security (proficient at least in one major cloud vendor among AWS, Azure and GCP). 
• 5+ years of Incident Response experience with expertise in Incident Management and Incident Response tool development. Experience with security incident and event management (SIEM) tools, intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) solutions and forensic analysis tools
• 0-2 years of prior management experience or equivalent (demonstrated work leading teams of incident responders  or security experts) 
• Strong analytical and problem-solving abilities, with the ability to analyze complex security incidents and identify effective response strategies
• Ability to work effectively in a fast-paced, dynamic environment and manage competing priorities
• Ability to provide leadership and guidance to a team and to inspire and motivate their team and those around them
• Proven ability to interview and consistently make high quality hiring decisions quickly