Senior Application Security Engineer, CI/CD (US Remote Available)
Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
Splunk’s IT-CICD team is responsible for enabling Development teams to move code faster and with less friction to production. This responsibility is supported by developing automated build and release pipelines, supporting testing frameworks, building artifact management services, and fast feedback systems. Whether it’s containers or VMs, we’re at the center of building and releasing code with our customers. The result is automated code delivery, fast time-to-market, and increased business value.
We are actively seeking an Application Security (AppSec) Engineer to join our team. You will be responsible for engaging with IT teams to ensure security is a first priority when developing services. You will also ensure we’re in lock step with Splunk’s larger security initiatives and develop our CICD security services. Engaging with other teams and communicating with stakeholders will be a regular part of the job. We’re looking for an individual who’s motivated by technology, enjoys automation, and problem-solving.
- Development of Release Management strategies for various architectures; Zero Downtime Deployments, Blue-Green, Canary Releases, etc.
- Design and implementation of security tooling within the SDLC
- Evangelize secure coding practices
- Perform gap analysis with IT customers
- Build threat models around developer code bases and releases
- Contribute to artifact build, release, and deploy pipeline integrations
- Act as liaison with the greater Splunk security team
- Build application integrations with Splunk's Observability toolings such as Splunk APM
- Container, environment, and configuration management
- Deep understanding of systems administration concepts
- Solid experience with security tooling and best practices for implementation in development pipelines and infrastructure.
- Experience with security event management, vulnerability management, intrusion detection, and threat management systems (Azure Sentinel, Splunk).
- In depth experience with configuring continuous integration software in a globally distributed environment using tools like GitLab, CircleCi, Jenkins, A, Azure DevOps Pipelines, etc.
- Solid experience with scripting languages such as Python, Ruby, or Golang
- Proven expertise with container technology such as Docker, LXC, and Kubernetes
- You have strong grasp of the SDLC
- Solid understanding of cloud computing - AWS, GCE, Azure, etc.
- Familiarity with progressive deployment models and developer feedback loops
- Working knowledge of Networking concepts and their application in the cloud
- And of course, a passion for security and release engineering!
What We Offer You: Wow, I want that.
- A constant stream of new things for you to learn. We're always expanding into new areas, bringing in open source projects and contributing back, and exploring new technologies.
- A set of extraordinarily hardworking, innovative, open, fun and dedicated peers, all the way from engineering and QA to product management and customer support.
- Growth and mentorship. We believe in growing engineers through ownership and leadership opportunities. We also believe mentors help both sides of the equation.
- A stable, collaborative and supportive work environment.
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.
(Colorado only*) Minimum base salary of $115,000.00. You may also be eligible for incentive pay + equity + benefits.*Note: Disclosure per sb19-085 (8-5-201 et seq).
Thank you for your interest in Splunk!
Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.
We value diversity, equity, and inclusion at Splunk and are committed to equal employment opportunity. Qualified applicants receive consideration for employment without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition, genetic information, veteran status, or any other consideration made unlawful by federal, state, or local laws. We consider qualified applicants with criminal histories, consistent with legal requirements. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement. If you need assistance or an accommodation to apply or during the hiring process, please let us know by completing our Accommodation Request form.
To conform to U.S. export control regulations, applicants must be eligible for required authorizations from the U.S. Government.
Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision.
Splunk is committed to the health and safety of our employees and customers. We comply with local, state/territory, and federal regulations to prevent the spread of COVID-19 in the countries in which we operate. Preventative measures may require individuals entering Splunk offices to be fully vaccinated and in some cases may require employees to show proof of full vaccination. Splunk provides reasonable accommodations for employees who have qualifying medical or religious reasons.
Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.