Senior Security Engineer, Incident Response

RDQ326R15 The Incident Response team's mission is to respond to security threats, incidents and investigations to protect our customers, employees and enterprise data in a fast, efficient and standardised manner. We're a tight-knit team of security incident responders and incident handlers doing "Security for Databricks on Databricks", using our own platform to create near-real-time log analytics, alerting and forensics. You will be an individual contributor on the security Incident Response (IR) team at Databricks, reporting to the regional IR manager. You will be responsible for conducting security analysis and forensics, responding to high-priority alerts and contributing to automations and agentic capabilities. You will be a security multiplier and help the team scale security incident response at Databricks. The impact you will have:

You will respond to incidents as part of a distributed 24x7 operations and on-call schedule. You will triage and respond to security events and alerts, ensuring quick and effective containment. You will contribute to security investigations, conducting analysis and forensics across a range of data sources to determine the timeline and impact of security events. You will build automations, including leveraging AI and agentic platforms, to deliver autonomous capabilities, expedite your work and scale the impact of the team. You will communicate technical decisions through design docs and tech talks, and mentor junior security responders via security guidance, design reviews and code reviews.

What we look for:

Bachelor's Degree AND 4+ years experience in Incident Response work OR Master's Degree AND 2+ years experience. Strong cloud security background in at least 1 of AWS, GCP or Azure, and working knowledge of the others. Knowledge of AI/LLM and agentic capabilities, including effective prompting and use of MCP, agents and agent skills. Prefer experience with building and operating agentic systems in a security setting. Broad security subject matter expertise. Expertise in few core IR skills (DFIR , Reverse Engineering, Traditional Network Security, Storage and access security, Sandboxing, Compute security, etc.). Experience with Enterprise Security and SaaS applications. Working knowledge of a SIEM and SOAR. Experience building Incident Response Tooling and scripting language skills.

About Databricks Databricks is the data and AI company. More than 10,000 organizations worldwide — including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark™, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.BenefitsAt Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region click here. Our Commitment to Diversity and Inclusion At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics. Compliance If access to export-controlled technology or source code is required for performance of job duties, it is within Employer's discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.