Security and Risk Management

Senior Technical Security Analyst, Cyber Risk Management (Remote US Available)

Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!

Role

Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. This role is responsible for performing technical security risk assessments, including conducting assessments, writing risk reports, recommending mitigation steps, monitoring mitigation plans and assessing residual risk as part of the continuous risk management lifecycle.

Responsibilities

Continuously perform the steps in the Risk Management Lifecycle including the following:

  • You will conduct technical security risk assessments to identify security gaps and the level of risk they represent to the business (must have knowledge of Cloud security)
  • You will scope the assessment to draft measurable risk statements
  • You will understand technical implementation details vital to assess and recommend security control improvements and identify compensating controls
  • You will draft findings and provide fact based evidence to accurately drive the calculation of the risk score
  • You will partner with the business to validate the business and technology elements relied upon to analyze the risk
  • You will lead a risk readout (completing the applicable risk template) to enable the risk owner to acknowledge they understand the risk under their ownership.
  • You will engage with multi-functional partners to analyze problems, assess risk, develop corrective actions, build consensus and support implementation of mitigation solutions
  • You will supervise the status of risk treatment in the applicable GRC tools including Process Unity, JIRA & Splunk to conclusion
  • You will assess residual risk following the completion of the risk treatment plan and report residual risk to the risk owner
  • You will keep up to date with the latest security and technology developments
  • You will cross train with security architecture to ensure consistency in the SGS technical assessment process
  • You will collaborate with end users as well as all levels of management, senior leaders; and technical and business resources

Requirements

  • High level of knowledge in the areas of Cloud Infrastructure, Applications and coding practices
  • Work experience with security concepts including the ability to assess the security aspects of the following: network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/windows/macOS, virtualization, desktop/laptop and mobile devices
  • Some experience with assessing security aspects of orchestration via Terraform, Kubernetes, Docker, Puppet, Ansible, etc.
  • 3+ years of security experience in one or more of these critical areas: Information Security Technology, Engineering, Operations, and Technology Infrastructure.
  • Communicate data, facts, and analysis regarding operational delivery
  • 5+ years of cyber risk management experience
  • Big 4, Consulting or IT internal audit experience [preferred]
  • Certifications: CISA, CISM, CISSP, CRISC (one or more)
  • Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
  • Communicate and present concisely and efficient based on the appropriate level of management
  • Manage challenging deadlines and prioritize responsibilities to effectively meet business needs
  • Support and mentor team members
  • Work both independently and together with your team at all levels and across departments
  • Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
  • Possess sophisticated interview skills to tailor the types of questions based on responses provided by internal personnel or supplier contacts

Basic Qualifications

  • Bachelor of Science degree in Computer Science or related subject area or equivalent practical experience.
  • 8 years information security experience or a combination of information technology work experience and information security experience.
  • Demonstrate proven knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRamp and other information security and control frameworks.
  • Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
  • Strong analytical, problem solving, organizational, documentation; time management skills. Strong attention to detail. Positive relationship and facilitation skills.
  • Proficient with Google Suite applications.
  • Eligible to work in the United States without company sponsorship


We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

 
Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.

Individuals seeking employment at Splunk are considered without regards to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement.

Splunk also has policies in place to protect the personal information candidates disclose to us as part of the application process. Please click here to review Splunk’s Career Site Privacy Policy.

Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision. 
 
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to accessiblecareers@splunk.com. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.

To check on your application click here.
 
DIVE DEEPER
Find out what makes Splunk such a great place to work
Our Values

Splunkers are encouraged and empowered to be Innovative, Passionate, Disruptive, Open and Fun.
Learn More

Our Locations

From San Francisco to Shanghai, Splunkers work in 25+ offices across the globe.
Learn More

University Recruiting Program

Intern with people you want to hang out with, even outside the office.
Learn More

Our Blog

Hear from Splunkers on the latest.
Learn More

Diversity & Inclusion

Culture of Inclusion: Splunkers Share Their Stories
Learn More

LinkedIn

Follow Splunk on LinkedIn for job announcements, company news, and more.
Learn More