Senior Security Analyst/Engineer - Product Security Incident Response Team (PSIRT)

Senior Security Analyst - Product Security Incident Response Team (PSIRT) and Vulnerability Management


Come and join our growing Splunk PSIR (Product Security Incident Response) team of Security Engineers; be a part of a high-powered and high-performing team that regularly works across the entire organization, with everyone from product teams to executives. Urgent escalations from enterprise customers, investigating open source vulnerabilities, performing variant analysis, root cause analysis, working with security researchers and a regular patching cycle are all core to this role. The work is diverse, has executive-level visibility, and is ever changing.

Splunk PSIRT (Product Security Incident Response Team) is responsible for:

  • Splunk product vulnerability management process for on-premise and cloud Splunk products and applications.
  • Coordination of customer/external product security incidents and reported security issues affecting various Splunk products and applications.
  • Working cross-functionally with all business units, sustaining engineers, product security team members, customer support, legal and external security researchers to ensure timely resolution of security incidents and events.
  • Development, maintenance and continuous improvement of the product security incident monitoring, detection and response tools and process, including all required supporting materials.
  • Leading post-incident reviews for presentation to management.

We are looking for a new team member who will be responsible for performing the following activities:

  • Lead and own the Vulnerability Management Process: triage security-related issues (external and internal) and verify them across different Splunk versions and products.
  • Perform variant analysis and root cause analysis to find systematic bugs.
  • Triage issues based on code defects, quantitatively evaluate risk, and provide guidance to engineering teams regarding the impact of security issues using industry-standard metrics such as CVSS.
  • Investigate, track and remediate open source vulnerabilities.
  • Work closely with project management, product management, engineering and sustaining teams to drive issues to closure.
  • Track and report on remediation efforts.
  • Improve and carry out the Security Advisory Process.
  • Actively hunt for bugs in Splunk products and applications using various static code analysis, dynamic analysis, variant analysis and pen testing tools. Provide input to tools and pen test team to enable systemic issue identification.
  • Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration. Work with customer-facing and internal teams to continually improve processes used to identify and fix product security issues.
  • Enhance the existing product security incident response program.

Education:

  • Bachelor’s/Master’s in Computer Science or equivalent
  • Relevant information security certifications, such as SANS/GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH), SANS GPEN, or Offensive Security OSCP/OSCE

Requirements:

  • Minimum 5-7 years of Application Security Experience
  • At least two to three years of experience with CSIRT, CIRT, or PSIRT functions
  • Solid understanding of OWASP Top 10
  • Understands common classes of product security vulnerabilities and attack/defense methodologies deeply
  • Experience with issue management as well as designing/defining proactive mitigation strategies
  • Strong written and verbal communication skills
  • Proven ability to build relationships and influence individuals at all levels, as well as external security researchers, vendors and service providers
  • Able to learn new languages
  • Experience with various application security tools: static code analysis, dynamic code analysis, vulnerability scanning, pen testing
  • Ability to track and lead numerous parallel activities
  • Good understanding of Windows and Linux Operating systems
  • AWS/Cloud Experience a strong plus
  • Bug bounty program participation a plus
  • Knowledge of the security research community is a strong plus
  • Scripting skills (e.g. Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python) is a significant plus!

 
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. 

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records. 

Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.

Individuals seeking employment at Splunk are considered without regards to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement.

Splunk also has policies in place to protect the personal information candidates disclose to us as part of the application process. Please click here to review Splunk’s Career Site Privacy Policy.

Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision.

Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to accessiblecareers@splunk.com. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.
