Product Vulnerability Management Engineer
Description
Are you passionate about tackling sophisticated, high-impact security challenges at scale? Join our dynamic Software Security Engineering team and work alongside product development teams to embed ground breaking secure software practices across the entire Splunk product portfolio. In this role, you'll dive deep into identifying evolving vulnerability patterns, analyze real-world attack tactics, and craft innovative security solutions that safeguard Splunk’s industry-leading products. Collaborating with Product Security, Risk, and Compliance teams, you’ll play a pivotal role in ensuring Splunk not only meets but exceeds new policy and regulatory requirements. Get ready to make a tangible impact on the future of security at Splunk!
Meet the Global Security Team
Splunk is here to build a safer and more resilient digital world. The world's leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. While customers love our technology, it's our people that make Splunk stand out as an amazing career destination and why we've won so many awards as a best place to work. If you become a Splunker, we want your whole, authentic self, what we call your "million data points". So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you.
What you'll get to do
- Analyze and Innovate: Identify emerging code vulnerability trends and research real-world attack patterns to stay ahead of evolving security threats.
- Develop Cutting-Edge Solutions: Design and implement sophisticated security mechanisms that protect Splunk’s products from vulnerabilities and attacks.
- Collaborate Across Teams: Work closely with Product Development, Product Security, Risk, and Compliance teams to ensure security is woven into every phase of the software development lifecycle.
- Shape Security Strategy: Contribute to crafting Splunk’s security strategy by integrating secure coding standards and vulnerability management into the product pipeline.
- Drive Regulatory Excellence: Ensure Splunk remains proactive and aligned with the latest policy and regulatory requirements.
Must-have Qualifications
- 3 years in software security, with a deep understanding of secure coding practices, vulnerability management, and common security flaws (e.g., OWASP Top 10).
- 3 years of programming in languages such as Python, Java, C++, or Go, and the ability to identify and remediate security issues in code.
- Understanding of risk management principles and popular regulatory requirements (e.g., FEDRAMP, HIPAA, SOC 2) and how they impact security and software development.
- Analytical and problem-solving abilities to address sophisticated security challenges at scale.
- Bachelors degree in Computer Science, Security, or equivalent work experience.
Nice-to-have Qualifications
We’ve taken special care to separate the must-have qualifications from the nice-to-haves. “Nice-to-have” means just that: Nice. To. Have. So, don’t worry if you can’t check off every box. We’re not hiring a list of bullet points–we’re interested in the whole you.
- Familiarity with threat modeling techniques.
- Experience implementing security tooling and automation within software build pipelines.
- Proven track record to work effectively in cross-functional teams to implement security practices.
- Security certifications such as CompTIA Security+ or GIAC Security Essentials.
Splunk is an Equal Opportunity Employer
Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Note:
Thank you for your interest in Splunk!