Sr. Splunk User Behavior Analytics Engineer-Remote Opportunity

Security and Risk Management San Jose, California San Francisco, California Seattle, Washington McLean, Virginia


As a member of the Security Engineering team, you will work with other security teams to execute on strategic plans and develop tactical execution methodologies which improve the “protect, detect, and respond” capabilities of Splunk’s Global Security Team.

We are looking for a team member that has a passion for deploying, tuning, and improving Splunk's UBA security solution to protect our organization, people, and assets. You will collaborate with our engineers, operations teams, incident responders, and threat intel teams, as well as our security solution providers, to help them use the capabilities of UBA and achieve success.

Our Splunk UBA Engineers work with our teams to realize the potential of Splunk solutions by working directly with the Detection Monitoring and Operations (DMO) team and product management. The role involves not only developing the solutions but working with our internal customers and partners to improve their projects by providing mentorship on how to work through technical issues and challenges. The ideal candidate enjoys the challenge of solving sophisticated problems and seeing results that generate success.


We provide engineering and operational support for cutting edge security tools, focusing on Splunk UBA. This security engineering professional role is responsible for Planning, Design, Testing, Deployment/Implementation, Break/Fix, Patching, Change Control and Service Maintenance/Support/Updates of highly sophisticated security systems to fulfill Splunk’s business needs. The following areas will be your focus:

  • Design, Build, Deploy, Run, Maintain & Fix Infrastructure (Dev & Prod)
  • Ensure timely patching and updates to underlying OS as well as solution
  • Monitor data from UBA to ensure usability
  • Improve UBA by identifying and integrating new data sources
  • In conjunction with DMO, tune UBA performance & detections
  • Provide Anomaly detection for the data
  • Be the Tier-3 support for Splunk Global Security
  • Mentor others on both the Engineering and Operations teams on Machine Learning, Splunk Enterprise Security, and UBA
  • Work with DMO team to ensure accurate use of UBA
  • Work closely with legal and privacy to ensure solutions and sources are accurately vetted
  • Provide feedback to the Product Management team on usage and improvements for the “next generation” of UBA products from Splunk
  • Design, create, deploy, test, custom ML models using various tools (UBA, MLTK, SMLE) to solve Security problems, and potentially spot performance related problems in advance
  • Crafting custom content to detect security related anomalies that are outside of the scope of all existing tools


  • Extensive Experience with Splunk Enterprise and Splunk User Behavior Analytics
  • A strong foundation in the deployment of a wide range of security solutions. Experience in Linux and networking is required
  • Possess the ability to accurately assess problems and requests from multiple perspectives, analyze approach feasibility, and decide on the most efficient course of action
  • Achieve security engineering’s goals / objectives that drive engineering projects by taking ownership and delivering results
  • 6 or more years of security experience in one or more of these critical areas: Information Security Technology, Engineering, Operations, Technology Infrastructure and Proof of Concept - testing labs
  • Communicate data, facts, and analysis regarding operational delivery
  • Remarkable written and oral communication skills; strong presentation skills
  • We will support collaboration when working on security goals & objectives
  • Eligible to work in the US without sponsorship from a company

Nice to Haves:

  • Substantial security certifications (CISSP, CISM, etc.)
  • Understand GDPR, PCI and FedRAMP regulations and the protections afforded customers and employees
  • Experience in any of the following: Security Operations Centers, Security Consulting, Incident Response, Architecture / systems engineering

Thank you for your interest in Splunk!