Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
As a member of the Engineering team, you will collaborate with other security teams to execute on strategic plans and develop tactical execution methodologies which improve the “protect, detect, and respond” capabilities of Splunk’s Global Security Team. This engineering position partners closely with Security Architecture, Security Operations and Corporate IT. Engineering and Operations areas supported include Splunk’s Cloud environments, IT, and other corporate functions. Engineering is a core function within Splunk’s Cyber Security team and a critical indicator of success of the Engineering team is realized by the delivery of quality events to the Detection, Monitoring and Response Operations Teams. Responsibilities include Development, Testing, Deployment, Sustainment, Break/Fix, Patching and Updating security solutions.
You will provide engineering and operational support for leading edge security tools, as well as deploying and running services that make full use of both private and public cloud services. This security engineering professional role is responsible for planning, design, implementation and ongoing support of highly complex systems to fulfill the business needs. You will provide engineering support in the following areas:
- Evaluate and test Splunk Apps and Add-ons with the intent of improving Splunk’s overall risk posture. This includes discovery of new Apps to enable existing and novel security use cases.
- Maintain the engineering team’s operational level agreements to detect and respond to critical security service delivery issues.
- Support the development and deployment of solutions that are in alignment with Splunk's desired risk appetite.
- Provide security infrastructure deployment, service maintenance, change control, support, information protection, system resiliency, and break fix.
- Be a part of the Splunk culture that delivers results in accordance with the highest standards in security engineering.
- Work with other Cybersecurity teams to effectively manage and develop security monitoring, sensor enrichment, and tuning solutions.
- Assist internal Splunk management team to deliver consistent functionality and availability to include standard operational processes, troubleshooting, and execution of specific project objectives.
- Provide support and service to assist knowledge sharing and the creation and management of dashboards, alerts, reports, and other knowledge objects.
- Establish and follow consistent processes to ensure health and stability of Splunk platform, while enabling reasonable self-service across the security team.
- Data onboarding and normalization, including engagement with numerous teams throughout Cloud, IT, and Security.
- Access and authorization management for Splunk, including index design (as appropriate), to facilitate role-based access.
- Facilitate knowledge sharing by creating and maintaining detailed documentation and diagrams, while also collaborating with other team members on standard processes and technology roadmaps.
- Participate in an on-call rotation for support of systems outside of normal business hours, and be available to perform maintenance and critical operations as needed
- Support other Security verticals executing the security roadmap based on Splunk’s priorities and initiatives.
- Perform technical evaluations to identify coverage gaps in existing information security toolsets.
- Understanding security technology’s role in ensuring compliance in both cloud provider and on-premise environments.
- Knowledge of managing a distributed Splunk installation including Enterprise Security, Multi-site Indexer Cluster, Search Head Cluster, Forwarders, Deployment Server, Syslog servers, etc.
- Familiar with data on-boarding procedures, CIM compliance and data normalization techniques, and Splunk parsing model configuration
- Strong knowledge of Splunk search language, regular expressions, and other constructs.
- Experience installing, building and working with Splunk Apps and add-ons in a distributed cluster
- Ability to accurately assess problems from multiple perspectives, analyze approach feasibility, and decide on the optimal course of action.
- Familiar with regulations (examples: GDPR, PCI, FedRAMP, etc.) and the protections afforded.
- Remarkable written and oral communication skills; strong presentation skills
- 8 or more years of security experience in one or more of these critical areas: Information Security Technology, Engineering, Operations, Technology Infrastructure and Proof of Concept - testing labs.
- Comfort managing large numbers of Linux servers in a distributed environment
- Highly collaborative; personally, and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standards
- BS/BA degree or equivalent work experience
- Eligible to work in the United States without company sponsorship
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.