You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments.

Responsibilities

• Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle
• Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry
• Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls
• Perform malware analysis and reverse engineering to extract indicators and inform detection strategies
• Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS
• Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic
• Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises
• Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment
• Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces
• Lead projects, mentor teammates, and champion quality standards within the team

Requirements

• 5+ years of experience in detection engineering, threat hunting, or security operations
• Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)
• Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration
• Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities
• Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)
• Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources
• Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)
• Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences
• Adversarial mindset , understanding how attackers operate to build detections that catch real-world threats

Preferred Qualifications

• Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments
• Background in malware analysis, reverse engineering, or threat research
• Experience with purple team operations , collaborating with offensive security to validate detections
• Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis
• Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows
• Interest in agentic automation , using LLMs to augment hunting, tuning, or triage
• Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations)
• Contributions to open-source detection content, research, or conference presentations
• Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM

XML job scraping automation by YubHub

In this role, you'll have end-to-end ownership of the architecture and technical strategy behind automation and agentic workflows that reduce mean time to mitigate (MTTM), boost quality, and enable our Support organization to scale impact without scaling headcount. You'll work hands-on with teams across Support, Product, and Platform Engineering to build seamless systems that anticipate customer needs before they arise.

You'll lead the technical foundation that transforms how customers experience support , where issues are auto-diagnosed, solutions are delivered instantly, and engineers focus their time on the toughest challenges. Your success will mean customers moving faster, trusting Databricks deeper, and feeling the impact of your systems every day.

Key responsibilities include:

• Owning the technical vision and architecture for Databricks' Support Automation and Tooling ecosystem
• Leading hands-on development of automation to improve customer experience and Support scalability
• Driving rapid, iterative development while upholding quality, safety, and reliability standards
• Designing agentic workflows that evolve from human-in-the-loop to fully automated systems
• Implementing observability, transparency, and rollback mechanisms for AI-driven decisions
• Acting as the primary technical interface between Support, Product, and Platform Engineering to align technical roadmaps and unblock dependencies
• Setting a high engineering bar for quality, reliability, and maintainability in line with Databricks standards
• Mentoring engineers and SMEs across Software and Support Engineering functions

We're looking for someone with:

• A BS or higher degree in Computer Science or a related field
• Technical leadership experience in large projects similar to those described, including automation tooling, distributed systems, and APIs
• Extensive full-stack development experience
• Proven success designing and deploying production-grade automation in complex technical environments
• Hands-on experience with ML-assisted systems, decision support, or agentic automation
• Deep familiarity with distributed data platforms, developer tooling, and large-scale infrastructure systems
• Understanding of multi-cloud environments (AWS, Azure, GCP), compliance, and security constraints

Pay Range Transparency

Databricks is committed to fair and equitable compensation practices. The pay range for this role is $190,000-$261,250 USD.

XML job scraping automation by YubHub