The Product Security team at Splunk is responsible for identifying security risks and ensuring mitigation across all Splunk products. The Splunk products organization releases several hundred applications at a regular cadence. As a Senior Product Security Engineer, you will work closely with all our internal development teams to ensure we build security in from day one and follow standard methodologies. Ideally, you will have a proven development background and have progressed to be a software security authority. Your ability to keep up to date on all new security challenges and work with our teams to develop protection mechanisms is key.
You will perform application security assessments including architecture review, threat modeling, code review, and penetration testing. This role requires you to assist and enable product teams to embrace secure development practices. We value your commitment to providing pragmatic software security advice to software development functions including product, engineering, and services!
You will be an ideal candidate if you:
Have hands-on experience finding security design flaws and implementation bugs consistently by performing security reviews.
Are able to develop software security guidance including training material, secure coding checklists, reusable libraries, etc.
Have experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into a CI/CD workflow.
Have familiarity with the tools and technologies used throughout secure SDLC (e.g., SAST, DAST, OSS tools).
Have 5+ years of total experience performing secure SDLC activities like Threat Modeling, DAST, SAST, and manual penetration testing.
Have an authoritative understanding of common software and web application security vulnerabilities.
Have knowledge of crypto primitives, authentication protocols and authorization standards (e.g., SSL/TLS, SAML, OAuth, JWT tokens).
Communicate effectively, in writing and verbally, with multiple levels of leadership involving both the business and technical aspects.
Have knowledge of static analysis, dynamic analysis, and supply chain security.
Have knowledge of network architecture, protocols, and standards.
Do scripting and tool development.
Thank you for your interest in Splunk!
Splunk is an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.