• Maintaining the overarching operational security posture and managing the day-to-day security operations of your assigned Information System (IS); • Developing, reviewing, and maintaining security and authorization documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs); • Performing vulnerability/risk assessment analyses to support assessment and authorization (A&A); • Ensuring the implementation and maintenance of security controls in accordance with the SSP and the organization's security policies, standards, and procedures; • Supporting security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF). • Providing configuration management (CM) for IS security software, hardware, and firmware, and leading Change Control Board (CCB) meetings; and, • Providing guidance and security expertise to program leadership.

Role Description Databricks is hiring an L5 Enterprise Security Engineer to expand Enterprise Security coverage across a rapidly evolving enterprise environment. This role will focus on securing enterprise applications, cross-system integrations, data flows, and emerging AI-adjacent use cases. The scope includes modern access patterns such as MCP, integration, and trust boundary security, and broader security engineering support across enterprise platforms and services. This engineer will help identify risk, define practical security requirements, and improve security outcomes through strong technical judgment and cross-functional partnership. This role sits at the intersection of enterprise architecture, security engineering, and business enablement. The engineer will: - Review new technologies, integrations, and workflows with an emphasis on secure design, authentication and authorization, data handling, logging, third-party connectivity, API and token security, and operational resilience. - Partner closely with IT, Engineering, Legal, Privacy, Procurement, and business stakeholders to surface risk early, set clear requirements, and support scalable adoption of secure patterns. - Help shape how Enterprise Security supports SaaS, internal platforms, automation, and AI-connected systems as the environment continues to grow in complexity. Qualifications - 7+ years of experience in security engineering, enterprise security, application security, cloud security, or a related field. - Experience conducting security design or architecture reviews for enterprise applications, SaaS platforms, integrations, or internally developed systems. - Strong understanding of authentication, authorization, SSO, federation, SCIM, API security, token handling, secrets management, and least privilege design. - Experience assessing data flows, third-party integrations, trust boundaries, logging and monitoring, and security controls across interconnected systems. - Ability to evaluate risk in modern enterprise environments, including automation platforms, AI-adjacent workflows, and emerging integration patterns such as MCP. - Strong written and verbal communication skills, including the ability to translate technical risk into clear requirements and actionable guidance. - Experience driving security outcomes through engineering judgment, influence, and scalable process improvement. - Familiarity with cloud platforms, enterprise identity systems, and core control domains such as audit logging, encryption, access control, data retention, and incident response. Requirements - Strengthen security practices across enterprise application and integration reviews by identifying key risks early, improving requirement quality, and helping teams address security issues earlier in the lifecycle. - Strengthen Enterprise Security’s capability to assess and guide AI-adjacent security, MCP and integration security, and cross-system data flow risk, while improving the consistency and scale of security reviews. Benefits - At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit mybenefitsnow.com/databricks .

• Ensure Entrusts Public Key Infrastructure Certificate Authority (PKI CA) products meet applicable compliance frameworks, customer contractual requirements, and emerging standards across multiple communities of trust. • Provide support as needed to ensure that other DSS products remain in compliance with the applicable frameworks, regulatory requirements and customer contractual requirements for each. • Escalate compliance issues that arise in production service environments to the Entrust Policy Management Authority (EPMA) while maintaining on-going ownership of the issues and supporting PA/EPMA direction through issue resolution. • Facilitate external auditor engagements, organize required compliance evidence, schedule required resources, submit required reports, and manage audit timelines. • Closely monitor and advise product and development teams on regulatory priorities and emerging PKI use cases from multiple communities of trust (e.g., financial services, healthcare, government). • Feedback and monitor requirements and/or requirements change for each community of trust to the internal teams, ensuring alignment with Entrust’s compliance strategy. • Represent Entrust and take the lead on standards body engagement, as directed. • Make recommendations and follow-up to mitigate compliance risks and drive continuous improvement. • Oversee and drive the end-to-end operational security compliance and audit programs for WTCA and other applicable frameworks. • Review and make recommendations on operational procedures to ensure they efficiently and effectively comply with all relevant requirements. • Contribute applicable metrics to product compliance scorecards. • Facilitate timely identification, communication, and recommended resolution of compliance risks. • Serve as the internal and customer-facing subject matter expert on compliance frameworks (including WTCA and others). • Advise customers and internal stakeholders on best practices, compliance, and audit processes across multiple standards.

• Contribute to service engagements focused on securing AI systems and applying AI tools • Assess, develop, and modernize cybersecurity programs to enhance security posture • Perform technical analysis to identify and secure AI workloads • Perform threat modeling to evaluate the risk posed by new tools and architectures • Identify and develop use cases for automation and "agentification" of security workflows • Produce high-quality written and verbal reports, presentations, recommendations, and findings