Splunk is here to build a safer and more resilient digital world.The world's leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable.While customers love our technology, it's our people that make Splunk stand out as an amazing career destination and why we've won so many awards as a best place to work.If you become a Splunker, we want your whole, authentic self, what we call your "million data points".So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you.Role SummaryAs a member of the Application Security team, you will be responsible for testing all of Splunk's customer-facing products, and helping mature the offensive security program at Splunk.This role involves evaluating remediation for discovered vulnerabilities, carrying out application security engagements, authoring reports for development teams with detailed descriptions of findings and recommendations and working with development teams on Security Advisories.You'll also collaborate with members of the Application Security Architecture and Secure Software Development teams to provide insight into vulnerabilities and appropriate security controls to build as well as secure development practices.As Splunk's business rapidly shifts to cloud-based services, it is important to have an understanding of cloud delivery models for building and deploying applications.Challenges in this role include: understanding the diverse Splunk product portfolio, risk-based prioritization, remediation guidance, secure design pattern consulting, incident response guidance, and bug bounty decisions.What you'll get to doHave hands on application security experience and knowledge of offensive capabilities in numerous areas including web applications, mobile applications, networks, Multi Tier architecture or Distributed SystemsHave a mature understanding of coverage and risk as a outcome of application security as it relates to product security posture and business needsTrack and research the latest developments in application security researchHave the ability to develop or adapt custom tooling to solve new needsAbility to guide and provide feedback to coworkersAbility to be accountable for internal programs related to the work areaEstablish relationships with engineering teams to drive Splunk products to a mature security stateHave experience with security advisoriesMust-have QualificationsMinimum 2+ years of demonstrated ability in application level penetration testingStrong understanding of vulnerabilities, common attack vectors and how to resolve themAbility to quickly comprehend and digest application/systems designsAttacker mindset: ability to think creatively about relevant threats and attacksWell-rounded background in application, network, and system securityFamiliarity with public cloud platforms (preferably AWS and GCP)Effective written and oral communicationNice-to-have QualificationsWe've taken special care to separate the must-have qualifications from the nice-to-haves."Nice-to-have" means just that: Nice.To.Have.So, don't worry if you can't check off every box.We're not hiring a list of bullet points–we're interested in the whole you.Experience with Splunk productsContributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publicationsRelevant development/scripting/automation experience in C++, Javascript, Python, GoAbility to drive efforts as a SME: thinking in whole systems, working within and between teams to have a positive security impact
