Splunk is the leader in big data, machine learning analytics with a significant presence in the cybersecurity market. Join us as we pursue our disruptive new vision to make machine data accessible, usable, and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun, and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
The Director of Threat Response reports to the Sr. Director of Global Security Operations. The role is based in San Francisco, San Jose, McLean, VA, or Remote. You will be responsible for leading all response capabilities for Splunk, including the Critical Incident Response Team (CIRT) and the Security Operations Center (SOC). In this role you manage all tiers of incident response within Splunk, leading investigations involving malware, sophisticated adversary intrusions, insider risk, and high severity vulnerability remediation.
You have a deep understanding and experience in security investigations, security incident response, and a knack for solving sophisticated security issues at scale within a multi-cloud environment. You are as passionate about strategy as you are about security - looking for ways to continuously optimize and iterate in a fast-paced security organization.
- Lead day-to-day operations of CIRT and SOC roles including complex cyber security incidents and investigations
- Establish and maintain partnerships across Splunk at an executive level in organizations including Engineering, Human Resources, Legal, etc.
- Lead all people management facets including recruiting, hiring, performance management, etc.
- Build close cross-functional relationships with the Threat Detection organization to improve security monitoring capabilities within Splunk
- Drive a multi-year strategy for continuous process and technology improvement
- Define metrics to directly support executive-level briefings (daily, weekly, monthly), measuring operational performance, and tracking incident trends across Splunk
- Ensure processes and technologies used by Threat Response are in continuous alignment with compliance regulations such as FedRAMP, PCI, HIPAA, etc.
- Partner with other security organizations to lead standards development across several multi-functional service areas
- Continue to champion the remediation of visibility and capability gaps and break down roadblocks standing in the way of a robust security posture
- Mentor and foster the growth of a team that includes security practitioners at all career levels.
- Ensure that all documents, workflows, and processes remain accurate and up-to-date
- Minimum 7 years of overall experience in cyber security with an emphasis on incident response, security monitoring, digital forensics, etc.
- At least 4 years managing incident response, investigations, or SOC teams
- Detailed understanding of the MITRE ATT&CK Framework and the Cyber Kill Chain
- Deep understanding of attacks impacting a cloud-native environment
- Lead people to think critically by guiding them without doing the work for them
- Possess a demonstrated ability to speak with people with varying knowledge of IT Security concepts
- Outstanding written and verbal communication skills
- Capability to look at a process to find opportunities for cycle-time reduction
- Excellent interpersonal skills and ability to see things through the customer’s eyes
- Applicants must be currently authorized to work in the United States on a full-time basis.
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.
(Colorado only*) Minimum base salary of $165,000. You may also be eligible for incentive pay + equity + benefits. Note: Disclosure per sb19-085 (8-5-201 et seq).