Senior Operations Engineer, Splunk Security

Job Description

Join us as we pursue our exciting new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!

Role

Do you want to make a difference in the security posture of an entire company? In this role, you will be responsible for developing, fixing, and debugging internal deployments of Splunk products, such as Splunk Cloud Platform and SOAR. You will have an expert level understanding of Information Security and Software Development principles coupled with a strong aspiration to learn and grow within the organization. This role will be part of the Splunk Security Center of Excellence team and will engage in problem solving, effectively elevating the internal customer experience, automating processes, and improving the reliability of our services. This is an upbeat team who has fun and enjoys a good laugh but above all else thinks security first!

Responsibilities

• Work closely with the Splunk Global Security (SGS) teams to improve existing automation and search initiatives that deliver resilient solutions
• Tap into your expertise of all things Splunk to address sophisticated issues while mentoring new engineers
• Perform as a technical team lead to help lead prioritization efforts across your shift
• Drive projects from conception to implementation across the full Splunk product portfolio
• Assess, design, and improve SGS processes and workflows with a focus on integrating automation through various tools
• Own the end-to-end development of custom data onboarding scripts and add-ons for internal corporate tools and services
• Integrate new, complicated logging sources and build intricate playbooks and custom scripts to automate current detection and response workflows while unlocking operational efficiencies
• Analyze internal metrics and workflows to reduce false positives and accurately focus engineering efforts
• Develop repeatable processes to build and remediate playbooks in order to efficiently resolve any incidents that arise
• Build high-quality documentation to establish repeatable, reproducible processes to drive consistency of execution across the team
• Implement validated security strategies related to our team’s Linux-based and AWS-based infrastructure, Python code, and containerized services

Requirements

• 5+ years of strong background in Cybersecurity technologies with focus on one or more of the following areas such as SIEM, vulnerability management, firewalls, forensics, data logging, and IAM
• 5+ years of demonstrable experience in tool integrations and software development, with strengths in CI/CD and REST APIs, Python, Golang, JavaScript, or similar
• Fully proficient in git and version control systems, like GitLab and GitHub
• Demonstrated expertise working as a SOC analyst with career progression, incident responder or penetration tester
• Skilled in Linux administration and Cloud Technologies, such as AWS.
• Excellent communication skills, both verbal and written; able to explain intricate technical topics to varying groups
• Splunk Certified Architect or 2+ years architecture experience managing distributed Splunk deployment and all components - OR -
• Splunk Certified Developer or 2+ years developing Splunk applications and add-ons - OR -
• Splunk SOAR Certified Automation Developer or 2+ years designing, creating, and debugging SOAR playbooks

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.