Offensive Security Engineer
Description
About Splunk
Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back.
About The Role
You will be a member of the Offensive Security team, and will be responsible for testing all of Splunk’s customer-facing products, and helping mature the offensive security program at Splunk. This role involves crafting attack plans, carrying out pen test engagements for development teams with detailed descriptions of findings including recommendations and reproduction steps. You’ll also consult with members of the Product Security team to provide insight into vulnerabilities and appropriate security controls to build as well as secure development practices. As Splunk’s business rapidly shifts to cloud-based services, crucial for the role is an understanding of cloud delivery models for building and deploying applications.
Challenges in this role include: understanding the diverse Splunk product portfolio, risk-based prioritization, ensuring penetration testing coverage, remediation guidance, secure design pattern consulting, incident response guidance, and bug bounty decisions.
You will be an ideal candidate if you:
- Have hands on penetration testing experience and offensive capabilities in two or more core competency areas including web applications, mobile applications, networks, Multi Tier architecture or Distributed Systems
- Perform comprehensive application penetration tests independently or collaboratively as part of a team.
- Drive team improvements by contributing to tooling enhancements, innovation, and process optimization.
- Collaborate effectively with security partners, service owners, and senior leadership to influence and prioritize the resolution of identified security vulnerabilities.
Required Skills:
- 4-6+ years of demonstrated ability in application level penetration testing
- Strong understanding of vulnerabilities, common attack vectors and how to resolve them
- Ability to quickly comprehend and digest application/systems designs
- Attacker mindset: ability to think creatively about relevant threats and attacks
- Ability to prioritize a pentest through an attack plan on complex application and systems designs
- Familiarity with public cloud platforms
- Effective written and verbal communication
Nice-to-have Qualifications
We’ve taken special care to separate the must-have qualifications from the nice-to-haves. “Nice-to-have” means just that: Nice. To. Have. So, don’t worry if you can’t check off every box. We’re not hiring a list of bullet points–we’re interested in the whole you.
- Experience with Splunk products
- Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
- Relevant development/scripting/automation experience in C++, Javascript, Python, Go
- Ability to drive efforts as a SME: thinking in whole systems, working within and between teams to have a positive security impact
Splunk is an Equal Opportunity Employer
At Splunk, we believe creating a culture of belonging isn’t just the right thing to do; it’s also the smart thing. We prioritize diversity, equity, inclusion, and belonging to ensure our employees are supported to bring their best, most authentic selves to work where they can thrive. Qualified applicants receive consideration for employment without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition, genetic information, veteran status, or any other consideration made unlawful by federal, state, or local laws. We consider qualified applicants with criminal histories, consistent with legal requirements.
Note:
Base Pay Range
Costa Rica
Base Pay: CRC 24,000,000.00 - 33,000,000.00 per year
Splunk provides flexibility and choice in the working arrangement for most roles, including remote and/or in-office roles. We have a market-based pay structure which varies by location. Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location as set out above, as well as the knowledge, skills and experience of the candidate. In addition to base pay, this role is eligible for incentive compensation and may be eligible for equity or long-term cash awards.
Benefits are an important part of Splunk's Total Rewards package. This role is eligible for a comprehensive, competitive benefits package which may include healthcare and retirement plans, paid time off, wellbeing expense reimbursement, and much more! Learn more about our next-level benefits at https://splunkbenefits.com.
Thank you for your interest in Splunk!