Principal Application Pen Tester (US Remote Available)

Security and Risk Management | San Jose, California; San Francisco, California; Plano, Texas; Seattle, Washington; New York, New York; Los Angeles, CA, California; McLean, Virginia; Boulder, Colorado


Join Splunk as we pursue our disruptive new vision to make machine data accessible, usable, and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun, and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!

About the role

As a principal member of the Penetration Testing team, you will be responsible for testing all of Splunk’s customer-facing products and helping mature the offensive security program at Splunk. This role involves crafting attack plans, carrying out pen test engagements, and writing up reports for development teams with detailed descriptions of findings and recommendations. You’ll also consult with members of the Product Security team to provide insight into vulnerabilities, appropriate security controls to build, and secure development practices. As Splunk’s business rapidly shifts to cloud-based services, a crucial component of the role is an understanding of cloud delivery models for building and deploying applications.

Opportunities in this role include: understanding the diverse Splunk product portfolio, risk-based prioritization, ensuring penetration testing coverage, remediation guidance, secure design pattern consulting, incident response guidance, and bug bounty decisions.


  • Have significant hands-on penetration testing experience and offensive capabilities in numerous core competency areas, including web applications, mobile applications, networks, and multi-tier architectures or distributed systems
  • Have a mature understanding of coverage and risk as an outcome of pen-testing as it relates to product security posture and business needs
  • Track and research the latest developments in vulnerability research
  • Have the ability to develop or adapt custom tooling to solve new needs
  • Ability to teach and provide feedback to coworkers
  • Be accountable for internal programs related to the work area
  • Build relationships with engineering teams to drive Splunk products to a mature security state


  • 8+ years of experience in application-level penetration testing
  • Strong understanding of vulnerabilities, common attack vectors, and how to resolve them
  • Ability to quickly comprehend and digest application/systems designs
  • Attacker mindset: ability to think creatively about relevant threats and attacks
  • Ability to organize and lead others in a pen test through an attack plan on complex application and systems designs
  • Well-rounded background in application, network, and system security
  • Familiarity with public cloud platforms (preferably AWS and GCP)
  • Effective written and verbal communication

Desired Skills:

  • Experience with Splunk products
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
  • Relevant development/scripting/automation experience in C++, JavaScript, Python, Go
  • Familiarity with “big data” and distributed systems technology
  • Ability to drive efforts as a SME: thinking in whole systems, working within and between teams to have a positive security impact

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

(Colorado only*) Minimum base salary of $135,000.00. You may also be eligible for incentive pay + equity + benefits. *Note: Disclosure per sb19-085 (8-5-201 et seq).

Thank you for your interest in Splunk!