Principal Product Security Engineer - Cyber Security (US Remote Available)

Security and Risk Management San Francisco, California Plano, Texas Seattle, Washington Boston, Massachusetts Los Angeles, CA, California McLean, Virginia San Jose, California Boulder, Colorado


Join Splunk as we pursue our innovative new vision to make machine data accessible, usable, and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun, and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!

About The Role

The Product Security team at Splunk identifies security risks and ensures mitigation across all Splunk products. The Splunk products organization releases several hundred applications at a regular cadence. As a Principal Product Security Engineer, you will work closely with all our internal development teams to ensure we build security in from day one and follow standard methodologies. Ideally, you will have a proven development background, with experience assessing threats for a given architecture and experience working with engineering teams to design secure products.

Identifying threats and attack vectors that apply to both on-premises and cloud products is a critical aspect of this role. In addition, you will identify common security anti-patterns across products and engineering teams. We value the commitment to solutions that address the common security issues strategically, at scale!


  • Perform Threat Modeling, security design review of distributed systems, APIs, and on-premises solutions.
  • Translate compliance and security requirements into product requirements.
  • Work with engineers to identify the tradeoffs of different design choices from a security standpoint and recommend the ideal design to meet security requirements.
  • Guide secure development in a large, complex environment.

Required Skills:

  • Experience performing Threat Modeling and architecture reviews for complex applications.
  • Experience addressing systemic issues through root cause analysis, building security solutions, and, project leadership.
  • In-depth knowledge of common application & network protocols, cryptographic technologies, authentication & authorization protocols, common security threats, such as attack-techniques, evasive techniques, and preventative & defensive methods.
  • Ability to pragmatic security advice for web applications, mobile applications, on-premises software, and cloud software.
  • Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
  • 10+ years of total experience in product or application security and 4+ years in cloud security
  • Ability to operate in dynamic and highly technical organizations.

Desired Skills:

  • Deep understanding of browser security and JavaScript frameworks.
  • Understanding of security features in Container and Container Orchestration technologies (Docker, Kubernetes, etc).
  • Experience with authentication and authorization protocols like OAuth, OIDC, and, SAML.
  • Understanding of web technologies: React+Redux, GraphQL, Web-Sockets, etc.
  • Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, FedRAMP
  • Published contributions to the security community.

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

(Colorado only*) Minimum base salary of $135,000.00. You may also be eligible for incentive pay + equity + benefits.*Note: Disclosure per sb19-085 (8-5-201 et seq).

Thank you for your interest in Splunk!