Senior Manager, Threat Hunting & Intelligence (US Remote Available)

Security and Risk Management San Francisco, California Seattle, Washington McLean, Virginia San Jose, California Boulder, Colorado


Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!

Role

The Senior Manager, Threat Hunting & Intelligence reports to the Director of Detection & Monitoring Operations. The role is based in McLean, VA, San Francisco Bay Area or Remote. In this role, you will be responsible for the day-to-day operations of the Threat Intelligence team. You will have a deep understanding of Information Security principles coupled with solid grasp of what it takes to run a Threat Intelligence team within Splunk and a strong desire to learn and grow. We are a passionate team who has fun, enjoys a good laugh but above all else thinks security first!

Responsibilities

  • Lead day-to-day operations of the Splunk Threat Intelligence team to monitor, track and analyze Threat Actor Groups and emerging threats in service of the defense of the enterprise.
  • Understand the sophisticated threats that Splunk may be exposed to and lead dissemination of that information in an actionable way
  • Maintain team resources to support business & operational needs
  • Establish and sustain service level goals with key business partners while seeking opportunities to improve upon them
  • Raise issues to leadership in a timely manner with appropriate information regarding risk, action times, and root cause analysis
  • Develops program metrics and reporting frameworks, compiles and analyzes data for accurately timely reporting of activity
  • Drive prioritization and focus across several cross-functional service areas to support Intelligence-driven operations
  • Establish and maintain relationships with industry partners to continuously improve Splunk's defensive posture
  • Define core competencies of intelligence practitioners to ensure ongoing development of internal resources
  • Build technical briefs and speak to customers and partners about Splunk’s use of Splunk security products, and how we maximize our partner ecosystem.

Requirements

  • At least 3 years experience managing a threat intelligence, incident response, or similar team
  • Ability to build positive relationships internally and externally, in-person and virtually
  • Detailed understanding of the MITRE ATT&CK Framework and/or the Cyber Kill Chain
  • Demonstrated ability to identify, coordinate and respond to security incidents using commercial and/or open source technologies.
  • Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs)
  • Advanced understanding of attacks impacting a cloud native environment
  • Ability to summarize events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
  • Eligible to work in the United States without company sponsorship

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

Thank you for your interest in Splunk!