Skip to main content
Security and Risk Management

Director of Threat Response (Remote US Available)

Splunk is the leader in big data, machine learning analytics with a significant presence in the cybersecurity market. Join us as we pursue our disruptive new vision to make machine data accessible, usable, and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun, and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!


The Director of Threat Response reports to the Sr. Director of Global Security Operations. The role is based in San Francisco, San Jose, McLean, VA, or Remote. You will be responsible for leading all response capabilities for Splunk, including the Critical Incident Response Team (CIRT) and the Security Operations Center (SOC). In this role you manage all tiers of incident response within Splunk, leading investigations involving malware, sophisticated adversary intrusions, insider risk, and high severity vulnerability remediation.

You have a deep understanding and experience in security investigations, security incident response, and a knack for solving sophisticated security issues at scale within a multi-cloud environment. You are as passionate about strategy as you are about security - looking for ways to continuously optimize and iterate in a fast-paced security organization.


  • Lead day-to-day operations of CIRT and SOC roles including complex cyber security incidents and investigations
  • Establish and maintain partnerships across Splunk at an executive level in organizations including Engineering, Human Resources, Legal, etc.
  • Lead all people management facets including recruiting, hiring, performance management, etc.
  • Build close cross-functional relationships with the Threat Detection organization to improve security monitoring capabilities within Splunk
  • Drive a multi-year strategy for continuous process and technology improvement
  • Define metrics to directly support executive-level briefings (daily, weekly, monthly), measuring operational performance, and tracking incident trends across Splunk
  • Ensure processes and technologies used by Threat Response are in continuous alignment with compliance regulations such as FedRAMP, PCI, HIPAA, etc.
  • Partner with other security organizations to lead standards development across several multi-functional service areas
  • Continue to champion the remediation of visibility and capability gaps and break down roadblocks standing in the way of a robust security posture
  • Mentor and foster the growth of a team that includes security practitioners at all career levels.
  • Ensure that all documents, workflows, and processes remain accurate and up-to-date


  • Minimum 7 years of overall experience in cyber security with an emphasis on incident response, security monitoring, digital forensics, etc.
  • At least 4 years managing incident response, investigations, or SOC teams
  • Detailed understanding of the MITRE ATT&CK Framework and the Cyber Kill Chain
  • Deep understanding of attacks impacting a cloud-native environment
  • Lead people to think critically by guiding them without doing the work for them
  • Possess a demonstrated ability to speak with people with varying knowledge of IT Security concepts
  • Outstanding written and verbal communication skills
  • Capability to look at a process to find opportunities for cycle-time reduction
  • Excellent interpersonal skills and ability to see things through the customer’s eyes
  • Applicants must be currently authorized to work in the United States on a full-time basis. 
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

(Colorado only*) Minimum base salary of $165,000. You may also be eligible for incentive pay + equity + benefits. Note: Disclosure per sb19-085 (8-5-201 et seq).

Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.
Individuals seeking employment at Splunk are considered without regards to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement.
Splunk also has policies in place to protect the personal information candidates disclose to us as part of the application process. Please click here to review Splunk’s Career Site Privacy Policy.

Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision.

Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.

To check on your application click here.


Find out what makes Splunk such a great place to work

box1 box1
Our Values

We are Splunk. How? Well we're passionate about customer success, driven by data, real and respectful, serious about fun, powered by our Million Data Points, and are all in this together.

Learn More
box2 box2
Our Locations

From San Francisco to Shanghai, Splunkers work in 25+ offices across the globe.

Learn More
box3 box3
Early Talent Program

Intern with people you want to hang out with, even outside the office.

Learn More
box3 box3

Our Blog

Hear from Splunkers on the latest.

Learn More
box2 box2
Diversity & Inclusion

Culture of Inclusion: Splunkers Share Their Stories

Learn More
box1 box1

Follow Splunk on LinkedIn for job announcements, company news, and more.

Learn More