Senior Security Engineer, Incident Response

RDQ326R15

The Incident Response team's mission is to respond to security threats, incidents and investigations to protect our customers, employees and enterprise data in a fast, efficient and standardised manner. We're a tight-knit team of security incident responders and incident handlers doing "Security for Databricks on Databricks", using our own platform to create near-real-time log analytics, alerting and forensics.

You will be an individual contributor on the security Incident Response (IR) team at Databricks, reporting to the regional IR manager. You will be responsible for conducting security analysis and forensics, responding to high-priority alerts and contributing to automations and agentic capabilities. You will be a security multiplier and help the team scale security incident response at Databricks.

The impact you will have:

• You will respond to incidents as part of a distributed 24x7 operations and on-call schedule.
• You will triage and respond to security events and alerts, ensuring quick and effective containment.
• You will contribute to security investigations, conducting analysis and forensics across a range of data sources to determine the timeline and impact of security events.
• You will build automations, including leveraging AI and agentic platforms, to deliver autonomous capabilities, expedite your work and scale the impact of the team.
• You will communicate technical decisions through design docs and tech talks, and mentor junior security responders via security guidance, design reviews and code reviews.

What we look for:

• Bachelor's Degree AND 4+ years experience in Incident Response work OR Master's Degree AND 2+ years experience.
• Strong cloud security background in at least 1 of AWS, GCP or Azure, and working knowledge of the others.
• Knowledge of AI/LLM and agentic capabilities, including effective prompting and use of MCP, agents and agent skills. Prefer experience with building and operating agentic systems in a security setting.
• Broad security subject matter expertise.
• Expertise in few core IR skills (DFIR , Reverse Engineering, Traditional Network Security, Storage and access security, Sandboxing, Compute security, etc.).
• Experience with Enterprise Security and SaaS applications.
• Working knowledge of a SIEM and SOAR.
• Experience building Incident Response Tooling and scripting language skills.