Sr Staff Production Engineer- Public Sector
Menlo Ventures, Virginia, MN, United States
P-1605
Role Overview
At Databricks, we don t just use the cloud; we are cloud maximalists. We run our platform across every region of every major cloud provider (AWS, Azure, and GCP) simultaneously. This role owns and evolves the secure infrastructure, access patterns, and guardrails that keep the Databricks Data Intelligence Platform safe and compliant in production across highly regulated environments. If you are an engineer who views infrastructure as a software problem and thrives on the complexity of global-scale networking, IAM, and automation, this is your team.
Impact You’ll Have
Security-Focused Cloud Operations
Design, automate, and operate the IAM, account/subscription, and project lifecycle across AWS, Azure, and GCP, enforcing least-privilege and standardized access patterns at scale.
Review, implement, and continuously improve cloud identity and access policies (IAM, Okta, Opal) to align with security standards and audit requirements.
Production Engineering & Automation
Build and maintain reliable, observable automation and tooling to apply cloud changes (roles, policies, accounts, networking) safely and repeatedly.
Treat operational and security issues as software problems: eliminate toil, drive root-cause analysis, and codify fixes into infrastructure and tooling.
Security Data Pipelines & Compliance
Own and improve security and audit logging data pipelines from cloud providers into internal systems, ensuring timely, accurate data for detection, investigations, and audits.
Partner with Security, Compliance, and Audit teams to provide evidence and policy updates that keep environments aligned with evolving standards.
Regulated & Specialized Environments
Operate and improve specialized, highly regulated environments (e.g., FedRAMP / GovCloud) including release management, patching cadences, and secure access workflows (e.g., SAW).
Ensure high availability and resiliency for critical security and access infrastructure across these environments.
On-Call & Incident Response
Participate in a 24x7 on-call rotation for high-severity incidents impacting cloud accounts, IAM, or security data pipelines.
Partner with product engineering, security engineering, and field teams during incidents to restore service and harden systems for the future.
What We Look For
Required:
Eligible for a Top Secret / Sensitive Compartmented Information (TS/SCI) security clearance.
Nice to have:
Possession of a current polygraph (Counterintelligence or Full Scope) is highly desired.
Education:
BS, MS, or PhD in Computer Science, Engineering, or a related technical field, or equivalent practical experience.
Experience:
12+ years, including leading the strategy for cloud IAM, account architecture, or security-critical infrastructure across multiple environments or business units.
Cloud & Infrastructure Expertise:
Hands-on experience with at least one major cloud provider (AWS, Azure, or GCP) in IAM, networking, accounts/subscriptions/projects, and audit logging.
Strong background in Infrastructure-as-Code and automation (Terraform, CloudFormation, or similar) and CI/CD for infrastructure changes.
Security & Compliance Mindset:
Experience in security-sensitive or regulated environments (SOC2, FedRAMP, ISO 27001, financial services, public sector) and translating requirements into technical controls.
Familiarity with access review processes, policy baselines, and audit evidence for cloud environments.
Operational Excellence:
Experience running high-availability, security-critical services, including on-call responsibilities and incident management.
Strong debugging and problem-solving skills across distributed systems and cross-team collaboration.
Bonus
Experience with Okta, Opal, or similar identity/access tooling.
Background operating secure admin workstations (SAW) or comparable hardened access patterns.
Experience migrating cloud accounts or subscriptions during M&A or large-scale reorganizations.
Pay Range Transparency
Pay range listed below represents the expected compensation for this role. Local pay range: $195,400 — $268,600 USD.
#J-18808-Ljbffr
Role Overview
At Databricks, we don t just use the cloud; we are cloud maximalists. We run our platform across every region of every major cloud provider (AWS, Azure, and GCP) simultaneously. This role owns and evolves the secure infrastructure, access patterns, and guardrails that keep the Databricks Data Intelligence Platform safe and compliant in production across highly regulated environments. If you are an engineer who views infrastructure as a software problem and thrives on the complexity of global-scale networking, IAM, and automation, this is your team.
Impact You’ll Have
Security-Focused Cloud Operations
Design, automate, and operate the IAM, account/subscription, and project lifecycle across AWS, Azure, and GCP, enforcing least-privilege and standardized access patterns at scale.
Review, implement, and continuously improve cloud identity and access policies (IAM, Okta, Opal) to align with security standards and audit requirements.
Production Engineering & Automation
Build and maintain reliable, observable automation and tooling to apply cloud changes (roles, policies, accounts, networking) safely and repeatedly.
Treat operational and security issues as software problems: eliminate toil, drive root-cause analysis, and codify fixes into infrastructure and tooling.
Security Data Pipelines & Compliance
Own and improve security and audit logging data pipelines from cloud providers into internal systems, ensuring timely, accurate data for detection, investigations, and audits.
Partner with Security, Compliance, and Audit teams to provide evidence and policy updates that keep environments aligned with evolving standards.
Regulated & Specialized Environments
Operate and improve specialized, highly regulated environments (e.g., FedRAMP / GovCloud) including release management, patching cadences, and secure access workflows (e.g., SAW).
Ensure high availability and resiliency for critical security and access infrastructure across these environments.
On-Call & Incident Response
Participate in a 24x7 on-call rotation for high-severity incidents impacting cloud accounts, IAM, or security data pipelines.
Partner with product engineering, security engineering, and field teams during incidents to restore service and harden systems for the future.
What We Look For
Required:
Eligible for a Top Secret / Sensitive Compartmented Information (TS/SCI) security clearance.
Nice to have:
Possession of a current polygraph (Counterintelligence or Full Scope) is highly desired.
Education:
BS, MS, or PhD in Computer Science, Engineering, or a related technical field, or equivalent practical experience.
Experience:
12+ years, including leading the strategy for cloud IAM, account architecture, or security-critical infrastructure across multiple environments or business units.
Cloud & Infrastructure Expertise:
Hands-on experience with at least one major cloud provider (AWS, Azure, or GCP) in IAM, networking, accounts/subscriptions/projects, and audit logging.
Strong background in Infrastructure-as-Code and automation (Terraform, CloudFormation, or similar) and CI/CD for infrastructure changes.
Security & Compliance Mindset:
Experience in security-sensitive or regulated environments (SOC2, FedRAMP, ISO 27001, financial services, public sector) and translating requirements into technical controls.
Familiarity with access review processes, policy baselines, and audit evidence for cloud environments.
Operational Excellence:
Experience running high-availability, security-critical services, including on-call responsibilities and incident management.
Strong debugging and problem-solving skills across distributed systems and cross-team collaboration.
Bonus
Experience with Okta, Opal, or similar identity/access tooling.
Background operating secure admin workstations (SAW) or comparable hardened access patterns.
Experience migrating cloud accounts or subscriptions during M&A or large-scale reorganizations.
Pay Range Transparency
Pay range listed below represents the expected compensation for this role. Local pay range: $195,400 — $268,600 USD.
#J-18808-Ljbffr