Senior Security Engineer - Application Pen Testing (Remote)

Senior Security Engineer - Application Pen Testing
We have an exciting new vision to make machine data accessible, usable, and valuable to everyone. Our engineers are passionate about our products and our customers demand more of it. At Splunk, we’re committed to our people, customers and having fun at work! Splunk is an industry leader in the “Data to Everything” platform and is well-positioned to extend the lead with our bold new vision.
You will be a senior member of the Penetration Testing team, and will be responsible for testing all of Splunk’s customer-facing products, and helping mature the offensive security program at Splunk. This role involves crafting charge plans, carrying out pen test engagements, and writing up reports for development teams with detailed descriptions of findings and recommendations. You’ll also advise members of the Product Security team to provide insight into vulnerabilities and appropriate security controls to build as well as secure development practices. As Splunk’s business rapidly shifts to cloud-based services, crucial for the role is an understanding of cloud delivery models for building and deploying applications.
Challenges in this role include: understanding the diverse Splunk product portfolio, risk-based prioritization, ensuring penetration testing coverage, remediation mentorship, secure design pattern consulting, incident response mentorship, and bug bounty decisions.
You will be an ideal candidate if you:
  • Have significant hands on penetration testing experience and offensive capabilities in numerous core proficiency areas including web applications, mobile applications, networks, Multitier architecture or Distributed Systems
  • Have a mature understanding of coverage and risk as a outcome of pentesting as it relates to product security posture and business needs
  • Track and research the latest developments in vulnerability research
  • Develop or adapt custom tooling to solve new needs
  • Have the ability to establish links with engineering teams to drive Splunk products to a mature security state
Required Skills:
  • 7+ years experience in application level penetration testing
  • Strong understanding of vulnerabilities, common attack vectors and how to resolve them
  • Ability to quickly comprehend and digest application/systems designs
  • Attacker attitude: ability to think creatively about relevant threats and attacks
  • Ability to coordinate and lead others in a pentest through an attack plan on complex application and systems designs
  • Well-rounded background in application, network, and system security
  • Familiarity with public cloud platforms (preferably AWS)
  • Effective written and verbal communication
Desired Skills:
  • Experience with Splunk products
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
  • Relevant development/scripting/automation experience in C++, Javascript, Python, Go
  • Familiarity with “big data” and distributed systems technology
  • Ability to drive efforts as a SME: thinking in whole systems, working within and between teams to have a positive security impact.
  • Open to remote as well

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.