# Staff Production Engineer - Public Sector

**Company**: Databricks
**Location**: Virginia
**Work arrangement**: onsite
**Experience**: staff
**Job type**: full-time
**Salary**: $162,000-$222,750 USD
**Category**: Engineering
**Industry**: Technology
**Wikidata**: https://www.wikidata.org/wiki/Q18350420

**Apply**: https://job-boards.greenhouse.io/databricks/jobs/8519350002
**Canonical**: https://yubhub.co/jobs/job_a97046b8-411

## Description

We are seeking a Staff Production Engineer to join our team. As a Staff Production Engineer, you will own and evolve the secure infrastructure, access patterns, and guardrails that keep Databricks' global platform safe and compliant in production. You will be responsible for the 'sovereign layer' of our infrastructure, ensuring that our Data Intelligence Platform operates with 100% reliability and security in highly regulated, air-gapped, and sovereign environments.

Key Responsibilities:

- Design, automate, and operate the IAM, account/subscription, and project lifecycle across AWS, Azure, and GCP, enforcing least-privilege and standardized access patterns at scale.

- Review, implement, and continuously improve cloud identity and access policies (IAM, Okta, Opal) to align with Databricks security standards and audit requirements.

- Build and maintain reliable, observable automation and tooling to apply cloud changes (roles, policies, accounts, networking) safely and repeatedly.

- Treat operational and security issues as software problems: eliminate toil, drive root-cause analysis, and codify fixes into infrastructure and tooling.

- Own and improve security and audit logging data pipelines from cloud providers into our internal systems, ensuring timely, accurate data for detection, investigations, and audits.

- Partner with Security, Compliance, and Audit teams to provide evidence, clarifications, and policy updates that keep our environments aligned with evolving standards.

- Operate and improve specialized, highly regulated environments (e.g., FedRAMP / GovCloud) including release management, patching cadences, and supporting secure access workflows (e.g., SAW).

- Ensure high availability and resiliency for critical security and access infrastructure across these environments.

- Participate in a 24x7 on-call rotation for high-severity incidents impacting cloud accounts, IAM, or security data pipelines.

- Act as a key partner to product engineering, security engineering, and field teams during incidents to restore service and harden systems for the future.

Requirements:

- Must be eligible for a Top Secret / Sensitive Compartmented Information (TS/SCI) security clearance.

- Possession of a current polygraph (Counterintelligence or Full Scope) is highly desired and considered a significant plus.

- Education: BS, MS, or PhD in Computer Science, Engineering, or a related technical field, or equivalent practical experience.

- Experience

  - Staff: 8+ years of experience operating and automating large-scale cloud environments, with a track record of driving cross-team infrastructure improvement.

- Cloud & Infrastructure Expertise

  - Deep hands-on experience with at least one major cloud provider (AWS, Azure, or GCP) in areas such as IAM, networking, accounts/subscriptions/projects, and audit logging.

  - Strong background in Infrastructure-as-Code and automation (e.g., Terraform, CloudFormation, or similar) and CI/CD for infrastructure changes.

- Security & Compliance Mindset

  - Proven experience working in or with security-sensitive or regulated environments (e.g., SOC2, FedRAMP, ISO 27001, financial services, public sector) and translating requirements into concrete technical controls.

  - Familiarity with access review processes, policy baselines, and audit evidence for cloud environments.

- Operational Excellence

  - Demonstrated success running high-availability, security-critical services, including on-call responsibilities and incident management.

  - Strong debugging and problem-solving skills across distributed systems, with the ability to navigate ambiguous issues spanning multiple teams and platforms.

Preferred Qualifications:

- Experience with Okta, Opal, or similar identity/access tooling.

- Background operating secure admin workstations (SAW) or comparable hardened access patterns.

- Experience migrating cloud accounts or subscriptions during M&A or large-scale reorganizations.

## Skills

### Required
- Cloud & Infrastructure Expertise
- Security & Compliance Mindset
- Operational Excellence

### Nice to have
- Experience with Okta, Opal, or similar identity/access tooling
- Background operating secure admin workstations (SAW) or comparable hardened access patterns
- Experience migrating cloud accounts or subscriptions during M&A or large-scale reorganizations
