Security and Risk Management

Hyderabad, India

- No Remote

Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!

Role:

The Cloud Access team is looking for a Principal Product Security Engineer to join us. As a member of the team, you will collaborate with other engineering, security and operations teams to execute on strategic plans and develop tactical execution methodologies which improve the “protect, detect, and respond” capabilities of Splunk Cloud. This person will lead the Prod IAM Hyderabad team to work independently to deliver projects for Product IAM.

The ideal candidate has a strong passion to help enable RBAC and IAM based Cloud Security to protect our organization, customers, and assets. You will work with Cloud operations teams, compliance teams, Splunk Global Security, and incident responders as well as identity and security solution providers, to help improve the team's access control and security posture and achieve success.

In this role, you will:

Collaborate with partner teams to improve security of Prod IAM infrastructure, tooling and automations.
Build tools and automation for orchestrating access provisioning, address Privileged Access Management and enable Just In Time Access for privileged accounts.
Extend existing IAM and RBAC based services and platforms to enhance partner capabilities, automating to reduce overhead while increasing the number of groups supported and the overall complexity of the systems.
Identify use cases that can be built with existing tools and services to enhance access to internal cloud systems.
This role also includes supporting the definition of requirements that enable innovative integrations and solutions.
Collaborate on the evaluation and test solutions with the intent of improving Splunk’s overall access control features and flexibility.
Collaborate with Service owners to implement Service Level Metrics & Service Level Objectives that act as service health indicators with the goal of improving security posture.

As a member of Splunk’s Identity and Access Management team, the Principal Security Engineer will be responsible for implementing and managing identity services and platforms, mainly Okta and Directory Services. You must have a proven track record in delivering identity solutions that are functional, secure, scalable, and reliable. Your work will not only dramatically improve Splunk’s security posture, but also improve workforce productivity. This role will work with the Identity and Access Management Manager, Senior Manager and Senior Director of Security Services within Splunk Global Security.

Responsibilities

Manage and lead the design, engineering, and deployment of Directory Services (i.e. Active Directory) and Okta
Participate in or lead troubleshooting and incident resolution of complex high severity incidents
Analyze the current environment to identify technical and operational opportunities and develop continuous improvement action plans
Participate in disaster recovery, capacity planning, performance monitoring, and maintenance to ensure high availability
Understand and adhere to standard operational processes to ensure audibility and compliance with industry standards (SOX, GDPR, UKCE etc.)
Build relationships with the other teams in the Splunk Global Security organization, but also across the company
Mentor and train others in the use and functionality of the IAM services
Practical knowledge of AWS, GCP, Azure, IBM Cloud, Okta, Okta IGA, Okta Verify, Sailpoint, Terraform, Device Context, FIDO2, Git, Gitlab, Kubernetes, Puppet, Linux.

Requirements

10+ year of experience in IAM with 5+ years of experience in implementing, integrating, and supporting end-to-end Directory Services and Okta solutions
Hands-on production experiences with Active Directory, Azure Active Directory and Okta
Experience in various authentication standards such as SAML, OAuth, SCIM, OpenID Connect and FIDO2
Experience in security and implementation standards such as the least privilege, privileged access management and passwordless authentication
Good understanding of the overall infrastructure including data centers, networking, load balancers, and how all the components interact
Familiarity with PKI, Public Certificate Authorities, OpenSSL, Hashicorp Stack (e.g. Vault)
Coding experience in one or more of Go, Java, Python, Powershell, and Bash.
Experience automating infrastructure with scripting (Go, Python, Bash) and tooling (Puppet, Terraform, Ansible, Chef, etc).
Experienced with the setup/configuration/operation of CI/CD pipelines and source code control using GitLab
Demonstrated ability to accurately assess problems and requests from multiple perspectives, analyze approach feasibility, and decide on the efficient course of action.
8 or more years of experience in one or more of these critical areas: Access Controls, Information Security Technology, Engineering, CI/CD, Operations.
Strong ability to communicate data, facts, and analysis of the technical subject matter.
You will support collaboration when working on engineering’s goals and objectives.

Education and Certifications

Bachelor's degree in Computer Science, Information Technology, or related field required or equivalent work experience
CISSP, CISM, or equivalent certification preferred

Plus:

Not required, and would be nice to have:

Exposure to CIS, DISA, DTPR, PCI, HIPAA and FedRAMP regulation.

What We Offer You:

A constant stream of new things for you to learn. We're always expanding into new areas, bringing in open source projects and contributing back, and exploring new technologies.
A set of exceptionally talented and dedicated peers, all the way from engineering to product management and customer support.
Growth and mentorship. We believe in growing engineers through ownership and leadership opportunities. We also believe mentors help both sides of the equation.
A stable, collaborative and supportive work environment.

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

Thank you for your interest in Splunk!

Note:

Base Pay Range

India

Base Pay: INR 3,680,000.00 - 5,060,000.00 per year

Splunk provides flexibility and choice in the working arrangement for most roles, including remote and/or in-office roles. We have a market-based pay structure which varies by location. Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location as set out above, as well as the knowledge, skills and experience of the candidate. In addition to base pay, this role is eligible for incentive compensation and may be eligible for equity or long-term cash awards.

Benefits are an important part of Splunk's Total Rewards package. This role is eligible for a comprehensive, competitive benefits package which may include healthcare and retirement plans, paid time off, wellbeing expense reimbursement, and much more! Learn more about our comprehensive benefits and wellbeing offering at https://splunkbenefits.com.

Apply Now

Splunk's Hiring Practices

^{Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.}

^{We value diversity, equity, and inclusion at Splunk and are an equal employment opportunity employer. Qualified applicants receive consideration for employment without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition, genetic information, veteran status, or any other consideration made unlawful by federal, state, or local laws. We consider qualified applicants with criminal histories, consistent with legal requirements. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Equal Employment Opportunity Policy Statement. If you need assistance or an accommodation to apply or during the hiring process, please let us know by completing our Accommodation Request form.}

^{Splunk also has policies in place to protect the personal information candidates disclose to us as part of the application process. Please click here to review Splunk’s Career Site Privacy Policy.

Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision.

Splunk is committed to the health and safety of our employees and customers. We comply with local, state/territory, and federal regulations to prevent the spread of COVID-19 in the countries in which we operate. Splunk provides reasonable medical, religious, or other legally required accommodations for eligible employees.

Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to accessiblecareers@splunk.com. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.}