RDQ326R18
The Red Team is committed to proactively identifying and mitigating security threats across our infrastructure, applications, and cloud environments. Through rigorous offensive security assessments, adversarial testing, and vulnerability research, we aim to uncover and address weaknesses before they can be exploited by real-world attackers. By simulating real-world attack scenarios, we help enhance our security posture, ensuring resilience against emerging threats and fostering a culture of security awareness throughout the organization.
The Impact You Will Have:
You will be a key member of the Red Team at Databricks, conducting security assessments, developing novel attack techniques, and working across teams to improve our defensive capabilities. Your work will involve:
* Conducting Red Team operations on cloud environments, infrastructure, and applications to identify and exploit security weaknesses in both development and production environments.
* Developing and refining tools, exploits, and automation to simulate real-world adversarial techniques against enterprise security controls.
* Performing vulnerability research and exploit development, including discovering zero-days, bypassing security controls, and creating proof-of-concept exploits.
* Assessing cloud security risks across AWS, Azure, and GCP environments, including IAM misconfigurations, container security, and lateral movement strategies.
* Collaborating with internal security and engineering teams to provide remediation guidance, enhance security monitoring, and improve detection and response capabilities.
* Researching emerging threats in cloud security, web applications, and infrastructure, sharing findings internally and contributing to the broader security community.
* Performing security design reviews to ensure new products and infrastructure components are built with security best practices from inception.
What We Look For:
The ideal candidate will have a strong background in offensive security, cloud security, and vulnerability research.
* Expertise in Red Teaming, penetration testing, and adversary simulation techniques.
* Deep knowledge of cloud security (AWS, Azure, GCP), including IAM, networking, containers, orchestration (Kubernetes), and serverless architectures.
* Strong programming skills in Python, C/C++, or Go for exploit development, automation, and tool creation.
* Experience developing and weaponizing exploits for vulnerabilities in cloud environments, applications, and infrastructure.
* Strong understanding of modern attack techniques, including phishing, persistence mechanisms, privilege escalation, and lateral movement.
* Knowledge of security tooling (e.g., C2 frameworks, EDR evasion, malware development, fuzzing, and reverse engineering).
* Excellent problem-solving skills and the ability to think like an adversary.
* Strong communication skills, with the ability to document findings clearly and present them to technical and non-technical audiences.
* Typically 4+ years of experience in offensive security, vulnerability research, or Red Teaming, or an advanced degree (MS/PhD) with 3+ years of experience in the security domain.
* BS or higher in Computer Science, Cybersecurity, or a related field.
If you're passionate about offensive security and enjoy breaking things to make them better, we'd love to hear from you!