Job Title: Staff Product Security Engineer
\nLocation: United States
\nDepartment: Security
\nJob Description:
\nThis role can be based remotely anywhere in the United States. The Product Security Team's mission is to left-shift SDLC (Security Development Lifecycle) processes for all code written in Databricks (for customer use or supporting customers internally) to reduce the likelihood of introducing new vulnerabilities in production and minimize the count and effect of externally identified vulnerabilities on Databricks Services.
\nYou will be an individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing, and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident.
\nYou will work with a global team, spread across various locations in the US and EMEA.
\nThe impact you will have:
\nWhat we look for:
\nPay Range Transparency:
\nDatabricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected base salary range for non-commissionable roles or on-target earnings for commissionable roles. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipated utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above.
\nFor more information regarding which range your location is in visit our page here.
\nZone 1 Pay Range: $190,000 - $261,250 USD
\nZone 2 Pay Range: $171,000 - $235,200 USD
\nZone 3 Pay Range: $161,500 - $222,100 USD
\nZone 4 Pay Range: $152,000 - $209,000 USD
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_27d6fab4-848","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Databricks","sameAs":"https://databricks.com","logo":"https://logos.yubhub.co/databricks.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/databricks/jobs/7882009002","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$190,000 - $261,250 USD","x-skills-required":["threat modeling","security design reviews","manual code reviews","exploit writing","exploit chain creation","incident response","vulnerability response","SAST tools","DAST tools","automation","FedRamp","PCI","HIPAA","risk management","security processes","productivity","SDLC process","web security","cloud security","systems security","applied cryptography","programming languages","scripting","fuzzing"],"x-skills-preferred":[],"datePosted":"2026-04-18T15:42:34.724Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"United States"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"threat modeling, security design reviews, manual code reviews, exploit writing, exploit chain creation, incident response, vulnerability response, SAST tools, DAST tools, automation, FedRamp, PCI, HIPAA, risk management, security processes, productivity, SDLC process, web security, cloud security, systems security, applied cryptography, programming languages, scripting, fuzzing","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":190000,"maxValue":261250,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_ace25108-b9c"},"title":"Staff Product Security Engineer","description":"We are seeking an experienced and motivated Staff Product Security Engineer to join our growing Security team. As a Staff Product Security Engineer, you will be responsible for the end-to-end security of our consumer products, digital platform, and emerging hardware device line.
\nYour day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.
\nYou will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.
\nAs a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.
\nYou will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.
\nYou will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.
\nYou will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.
\nPreferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.
\nWork perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_ace25108-b9c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Greenlight","sameAs":"https://www.greenlight.com/","logo":"https://logos.yubhub.co/greenlight.com.png"},"x-apply-url":"https://jobs.lever.co/greenlight/18b7ac30-dbf6-4078-bf50-06772c47fdc7","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$165,000-200,000","x-skills-required":["product security","application security","cloud security","secure SDLC","threat modeling","penetration testing","security assessments","PSIRT operations","AI security","OWASP Top 10","MITRE","SAST","DAST","SCA","Claude","Cursor","MCP security","firmware integrity","hardware root of trust","IoT threat modeling"],"x-skills-preferred":["hardware and embedded security","PCI DSS","COPPA"],"datePosted":"2026-04-17T12:35:45.706Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Atlanta"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Finance","skills":"product security, application security, cloud security, secure SDLC, threat modeling, penetration testing, security assessments, PSIRT operations, AI security, OWASP Top 10, MITRE, SAST, DAST, SCA, Claude, Cursor, MCP security, firmware integrity, hardware root of trust, IoT threat modeling, hardware and embedded security, PCI DSS, COPPA","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":165000,"maxValue":200000,"unitText":"YEAR"}}}]}