Senior Staff Threat Hunter & Intelligence Engineer - Databricks

About The Position

Requirements

• 12+ years in cybersecurity with 6+ years focused on threat hunting, threat intelligence, or detection engineering.
• Deep expertise with nation-state and e-crime threat actors' TTPs, trends, and historical targets.
• Experience working with large-scale security datasets and big data platforms.
• Strong Python programming experience with a background in PySpark, distributed computing frameworks, or Databricks' platform.
• Deep understanding of cloud security across AWS, Azure, and GCP—including cloud-native logging, security controls, and container/Kubernetes security.
• Strong knowledge of OS internals across macOS, Linux, and containerized environments.
• Experience with enterprise-scale software development practices including infrastructure-as-code, code review, and large codebase management.
• Demonstrated experience conducting hypothesis-driven threat hunts with measurable outcomes.
• Experience defining and driving multi-year security program strategy.
• Thought leadership around the application of cybersecurity frameworks, such as MITRE ATT&CK and D3FEND.
• Applied CTI skills including consuming and operationalizing IOCs/TTPs, tracking campaigns, and conducting research.
• Experience influencing technical decisions beyond your immediate team.
• A track record of mentoring Staff+ engineers.

Nice To Haves

• Experience with Databricks platform or similar (Spark, Delta Lake, MLflow).
• Experience protecting multi-tenant SaaS/PaaS environments.
• Experience using AI, Large Language Models or machine learning to automate cybersecurity operations.
• Experience with purple team operations and adversary emulation.
• Published research at major cybersecurity conferences or in academic journals.
• Contributions to impactful open-source security projects or software patents in the cybersecurity domain.

Responsibilities

• Define the strategic vision and roadmap for a structured, repeatable threat hunting program using hypothesis-driven methodologies aligned with industry frameworks.
• Develop Databricks-based hunting capabilities and logic to analyse security telemetry at a massive scale across our multi-cloud environment.
• Build reusable hunting notebooks and automated intelligence pipelines using Databricks workflows.
• Serve as the technical authority for threat hunting across Security, influencing detection strategy and incident response capabilities.
• Mentor and develop threat hunting capabilities across the security organization.
• Operationalize threat intelligence from multiple sources (commercial feeds, OSINT, industry sharing groups) into actionable hunting hypotheses.
• Work with internal partners to develop and maintain Priority Intelligence Requirements (PIRs).
• Build automated enrichment pipelines using Databricks to correlate intelligence with internal telemetry.
• Produce intelligence assessments on threats relevant to our business.
• Represent Databricks in external security communities, industry working groups, and with strategic customers on advanced threat topics.
• Architect scalable hunting infrastructure using Databricks notebooks, Delta Lake, and Unity Catalog.
• Develop libraries of reusable detection logic and hunting queries optimized for distributed computing.
• Build automated workflows for threat intelligence ingestion, enrichment, and correlation.
• Create dashboards and visualizations for threat exposure and hunt findings.
• Integrate security tools with Databricks platform.

Benefits

• At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https://www.mybenefitsnow.com/databricks .