Principal Product Security Engineer

Engineering | San Jose, California; San Francisco, California; Seattle, Washington; Boulder, Colorado


The Product Security team at Splunk is responsible for identifying security risks and ensuring mitigation across all Splunk products. The Splunk products organization releases several hundred applications at a regular cadence. As a Principal Product Security Engineer, you will work closely with all our internal development teams to ensure we build security in from day one and follow standard methodologies. Ideally, you will have a proven development background, with experience assessing threats for a given architecture and experience working with engineering teams to design secure products.

Identifying threats and attack vectors that apply to both on-premises and cloud products is a critical aspect of this role. In addition, you will identify common security anti-patterns across products and engineering teams. We value a commitment to solutions that address common security issues strategically, at scale!

You will be an ideal candidate if you:

  • Have significant experience performing security design review of distributed systems, APIs, and on-premises solutions.
  • Have an ability to translate compliance and security requirements into product requirements.
  • Have the ability to work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements.
  • Have experience in secure development in large, complex system environments.

Required Skills:

  • Proven experience performing Threat Modeling and architecture reviews for complex applications.
  • Experience addressing systemic issues through root cause analysis, building security solutions and project leadership.
  • In-depth knowledge of common application & network protocols, cryptographic technologies, authentication & authorization protocols, common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
  • Ability to provide pragmatic security advice for web applications, mobile applications, on-premises software, and cloud software.
  • Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
  • 10+ years of total experience in product or application security and 4+ years in cloud security.
  • Ability to execute in multifaceted and highly technical organizations.

Desired Skills:

  • Deep understanding of browser security and modern JavaScript frameworks.
  • Understanding of security features in container and container orchestration technologies (Docker, Kubernetes, etc).
  • Experience with authentication and authorization protocols like OAuth, OIDC, SAML.
  • Understanding of modern web technologies: React+Redux, GraphQL, Web-Sockets, etc.
  • Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, FedRAMP.
  • Published contributions to the security community.

Thank you for your interest in Splunk!

Splunk is an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
