Skip to main content
Security and Risk Management

Cyber Security Risk Analyst (US Remote Available)

Role

Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. In this role you will lead risk assessments using security tools and relying on technical expertise to identify and report security gaps to senior leadership and risk owners. You will also lead the roll out of security standards to key business units to improve Splunk's security posture. In addition, this role will cross train and collaborate with Splunk's Security Architecture & Security Engineering teams to ensure consistency in the SGS technical assessment process.

Identify Security Risk

  • You will conduct technical security risk assessments to identify threat scenarios and security impacts and the level of risk they represent to the business
  • You will understand technical implementation details vital to assess and recommend security improvements and identify compensating controls
  • You will draft risks and provide fact based evidence to accurately drive the calculation of the risk score
  • You will lead a risk readout (completing the applicable risk template) to enable the risk owner to acknowledge they understand the risk under their ownership
  • You will engage with multi-functional partners to analyze issues, assess risk, develop recommendations, build consensus and support implementation of remediation solutions
  • You will track the status of risk treatment in the applicable GRC tools including Jira and Splunk to conclusion
  • You will support the development and production of metrics, including but not limited to, operational metrics, KPI’s, KRI’s and SLA’s
  • You will keep up to date with the latest security and technology developments
  • You will educate control owners on security standards to improve Splunk's security posture and assess the efficacy of implementation as part of the risk assessment
  • You will collaborate with and provide feedback to Splunk's Compliance and Enterprise Risk Management teams on new control recommendations
  • You will train and mentor less technical members of the team on the technical aspects of security gaps

Requirements

  • Practical work experience with security concepts including the ability to assess the security aspects of the following: network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/windows/macOS, virtualization, desktop/laptop and mobile devices
  • Demonstrate solid knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRamp and other information security and control frameworks.
  • Strong technical knowledge of Cloud infrastructure, applications and coding practices preferred
  • Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
  • Big 4, Consulting or IT internal audit experience [preferred]
  • Certifications: CISA, CISM, CISSP, CRISC (one or more)
  • Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
  • Communicate and present concisely and efficiently based on the appropriate level of management

Basic Qualifications

  • Bachelor of Science degree in Computer Science or related subject area or equivalent practical experience.
  • 3+ years information security experience or a combination of information technology work experience and information security experience.
  • Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
  • Strong analytical, problem solving, organizational, documentation; time management skills. Solid attention to detail. Positive relationship and facilitation skills.
  • Eligible to work in the United States without company sponsorship
 
 
Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.
 
Individuals seeking employment at Splunk are considered without regards to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement.
 
Splunk also has policies in place to protect the personal information candidates disclose to us as part of the application process. Please click here to review Splunk’s Career Site Privacy Policy.

Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision.

Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to accessiblecareers@splunk.com. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.

To check on your application click here.
 

DIVE DEEPER

Find out what makes Splunk such a great place to work

box1 box1
Our Values

We are Splunk. How? Well we're passionate about customer success, driven by data, real and respectful, serious about fun, powered by our Million Data Points, and are all in this together.

Learn More
box2 box2
Our Locations

From San Francisco to Shanghai, Splunkers work in 25+ offices across the globe.

Learn More
box3 box3
Early Talent Program

Intern with people you want to hang out with, even outside the office.

Learn More
box3 box3

Our Blog

Hear from Splunkers on the latest.

Learn More
box2 box2
Diversity & Inclusion

Culture of Inclusion: Splunkers Share Their Stories

Learn More
box1 box1
LinkedIn

Follow Splunk on LinkedIn for job announcements, company news, and more.

Learn More