As part of the Security Detection team at Databricks, you will play a critical role in safeguarding our products, cloud infrastructure, endpoints, and employees from modern cyber threats. Our team combines deep expertise in machine learning, log analysis, cybersecurity, and software development to create a robust and scalable detection platform. Embracing the "Detection-as-Code" model, we build detections on our own Databricks platform, ensuring that our security measures are deeply integrated with our technology stack.
In this role, you will work with cutting-edge machine learning techniques to design and implement scalable intrusion detection solutions at the enterprise level. You'll partner with our product and data engineering teams to optimize log ingestion pipelines, fuse diverse log sources, and develop anomaly-based and ML-driven detection strategies. You will be instrumental in enhancing the organization's threat detection capabilities by utilizing novel data sources, exploring new attack vectors, and refining our detection models.
You will be an individual contributor on the Security Detection team at Databricks, reporting to the Sr Manager of Detection Engineering.
Key Responsibilities:
- Design and implement advanced detection strategies by deeply understanding and analyzing new or unknown log sources, schemas, and raw data.
- Collaborate with cross-functional teams, including product and data engineering teams, to build efficient log ingestion pipelines and support large-scale data analytics.
- Engineer and deploy detection solutions on Databricks using Spark, Python, and other cutting-edge technologies with a strong emphasis on clean code, rigorous testing, and comprehensive documentation.
- Develop Rule-based and/or ML-based intrusion detection models and integrate them with Databricks' platform, ensuring high accuracy and minimal false positives.
- Partner with Incident Response teams to perform threat hunting and to provide detailed logging, alerts, and playbooks, empowering proactive threat detection and response.
- Influence the development of long-term technology strategies and roadmaps for detection engineering, ensuring alignment with broader business and security goals.
- Represent Databricks at security and engineering conferences, presenting novel detection approaches and thought leadership within the security community.
What we look for:
- 10+ years of relevant experience or advanced degree + 7 years of experience, with a focus on security detection engineering.
- 6+ years of software engineering experience, with 4+ years specifically in security-related engineering, particularly in detection engineering.
- Expertise in securing and operating at least one major cloud environment (AWS, Azure, GCP).
- Strong technical proficiency in key areas such as network security, cloud security, application/log analysis, and endpoint security.
- Proven experience in Python, Git/GitHub, and CI/CD automation (terraform knowledge is a plus).
- Familiarity with distributed computing environments (e.g., Pyspark), SQL, data analysis tools, and machine learning.
- A strong passion for continuous learning and staying updated on evolving attack techniques and defense strategies.
- Excellent communication skills, with the ability to collaborate effectively across teams and present complex ideas clearly to stakeholders at all levels.
- A leadership mindset with the ability to mentor peers, drive strategic initiatives, and influence the organization’s security direction.
In this role, you will be expected to work autonomously and take ownership of large projects. Your work will directly contribute to shaping the long-term success of Databricks' security infrastructure, and you'll be a key driver in the continued evolution of our detection systems.
Pay Range Transparency
Databricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected salary range for non-commissionable roles or on-target earnings for commissionable roles. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipates utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above. For more information regarding which range your location is in visit our page here.
Zone 1 Pay Range
$178,200—$273,200 USD
Zone 2 Pay Range
$160,300—$245,800 USD
Zone 3 Pay Range
$151,400—$232,200 USD
Zone 4 Pay Range
$142,500—$218,500 USD
About Databricks
Databricks is the data and AI company. More than 10,000 organizations worldwide — including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark™, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.
**Benefits
**At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region click here.
Our Commitment to Diversity and Inclusion
At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics.
Compliance
If access to export-controlled technology or source code is required for performance of job duties, it is within Employer's discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.