Vulnerability Management Engineer (Costa Rica)
Description
Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back.
About The Role
Do you enjoy securing products which have a global impact? As a Vulnerability Management Engineer you will perform and lead security and vulnerability assessments in collaboration with internal teams, assist in developing new capabilities for our Vulnerability Management Program, and work with other engineers to assure the security of Splunk products. This role will report to the Manager of Vulnerability Management.
We are a passionate team who has fun, enjoys a good laugh, but above all else thinks security first. If you are passionate about and have an advanced level of working knowledge in information security while having desire to always learn and improve this job is for you!
What you'll get to do
- Analyze vulnerability data/Identifying trends to perform root-cause analysis
- Assist in development of new security standards and baselines
- Perform vulnerability assessments and act as a point of contact for engineering teams to drive remediation of security concerns and active incidents.
- Respond to emerging security events and threats
- Triage vulnerabilities to provide company specific severity guidance
- Ensure remediation team compliance to regulatory standards
- Lead security discussions, vulnerability assessments, propose and discuss solutions to security tools that are directly related to their area of focus with the assistance of senior staff as needed.
Must-have Qualifications
- 5+ years of experience in a vulnerability management engineer (or related information security role) capacity with a Bachelor's degree in computer science, information systems, or related degree
- Must have experience with vulnerability management or assessments and security concepts
- Proven proficiency with vulnerability scanning and management platforms such as Tenable, Qualys, Rapid7, or similar
- Familiarity with external configuration compliance standards such as CIS Benchmarks and DISA STIGs
- Experience with risk-based vulnerability management, configuration compliance, including threat modeling, CVSS scoring, and prioritization methodologies
- In depth knowledge on the best remediation techniques for different vulnerabilities and the ability to explain them to engineering teams.
- Analytical and problem-solving skills, with an ability to balance security needs with business impact
- Knowledge of common security threats, such as attack-techniques, evasive techniques, and preventative & defensive methods.
- Understanding of security features in Container and Container Orchestration technologies (Docker, Kubernetes, etc).
- Knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
- Experience addressing systemic security issues through root cause analysis
Nice-to-have Qualifications
We’ve taken special care to separate the must-have qualifications from the nice-to-haves. “Nice-to-have” means just that: Nice. To. Have. So, don’t worry if you can’t check off every box. We’re not hiring a list of bullet points–we’re interested in the whole you.
- Functional in using Splunk Search Processing Language (SPL)
- Familiarity of compliance requirements for certifications like PCI DSS, SOC2, HIPAA, etc.
Splunk is an Equal Opportunity Employer
Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Note:
Thank you for your interest in Splunk!