Principal Cloud Security Engineer
You will work closely with all our internal development teams to ensure we build in security from day one and follow best practices. Ideally you will have a solid development background and have progressed to be a Cloud security expert.
You will work closely with developers to build and deliver secure software using DevOps and cloud services, specifically Amazon Web Services (AWS). You will be responsible for leveragingprinciples, practices and tools in DevOps and AWS to improve the reliability, integrity and security of applications.
Your ability to keep up to date on all cloud architecture and security design, both for building new architectures and for adapting tried-and-true security tools and processes to the cloud is key.
You will be an ideal candidate if:
- Have significant experience performing security design review of distributed systems and APIs.
- Served as a cloud security SME for high visibility cloud initiatives.
- Created security reference architecture for multi-tenant cloud initiatives.
- Have knowledge of cloud computing (preferably AWS) operations and how to secure them.
- Have an ability to translate compliance and security requirements into product requirements.
- Have an ability to work with engineers to identify thetradeoffs of different solutions and recommend the idealdesign to meet security requirements.
- Have experience in secure development especially in large, complex system environments.
- Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
- Subject matter expertise in multiple domains, including cloud security, web security, mobile security, AuthN/Authzprotocols (SAML, JWT, OAuth, OpenID, Ping, Okta, etc.) and infrastructure security (Chef/Puppet).
- Experience in applying security to cloud technologies(Managing secrets, Securing CD pipeline, Secure Infrastructure as Code, Container Security)
- Knowledge of primary AWS services (EC2, ELB, RDS, Route53, S3, Lambda) and IAM implementation
- Expertise in cloud architecture and security fundamentals including containers, software-defined networks, high availability design, multicloud, and serverless compute.
- Hands on experience in driving end to end security for cloud product - SAST, DAST, IAST, OSS scanning, pen testing.
- Expert in threat modeling and secure architecture review.
- 10+ years total experience and 4+ years in Cloud Security
- Presenting security risks to wide audience including senior management
- Experience designing and building security services in a SecDevOps cloud operations model.
- Experience with Docker and Kubernetes.
- Knowledge of compliance requirements for industry standard certifications like like PCI DSS, SOC2, HIPAA, FedRAMP
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.
Thank you for your interest in Splunk!
Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.
Individuals seeking employment at Splunk are considered without regards to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement.
Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision.
Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to firstname.lastname@example.org. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.
Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.
To check on your application click here.