Menu

← Return to Job Board

Senior Security Engineer – Application Penetration Testing Lead

Splunk – SAN JOSE, SAN FRANCISCO, SEATTLE, BOULDER, CA, United States - Published On 2/4/19

Description

Senior Security Engineer – Application Penetration Testing Lead



You will be responsible for developing and maturing the offensive security program at Splunk. This includes but is not limited to managing penetration testing coverage of the Splunk product landscape, overseeing red team operations, external vulnerability reports and closure of known security issues. This role involves working closely with the Director of Product Security and Engineering Leads to help them understand the risk associated with different product vulnerabilities and provide remediation guidance. As the offensive security lead, you will ensure knowledge creation around common vulnerabilities within Splunk products and corresponding secure development practices.



Challenges in this role include: understanding the Splunk product universe, risk based prioritization, ensuring penetration testing coverage, remediation guidance, incident response guidance, and bug bounty decisions.



You will be an ideal candidate if you:



Are capable of establishing a baseline product risk landscape and continuously update the landscape with new features/products.
Are capable of assessing risk accurately, manage multiple penetration testing projects and a team of penetration testers.
Have significant penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, infrastructure (cloud and on-prem).
Track and research the latest developments in vulnerability research.
Have a proven track record in managing bug bounty program and relationships with the researcher community.
Have experience using standard tools for penetration testing, and have the ability to develop or adapt custom tooling to solve new needs.
Have an ability and interest in creating education and awareness about secure coding practices.





Required Skills:

7-10+ Years experience in offensive security.
Strong understanding of vulnerabilities, common attack vectors and how to resolve them.
Attacker mindset: ability to think about creative threats and attack vectors.
Well-rounded background in host, network and application security.
Familiarity with cloud platforms (preferably AWS).
Effective written and oral communication with multiple levels of leadership involving both business and technical sides of the business.
Ability to present technical risks to broader audience.

Desired Skills:

Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
Relevant development/scripting/automation experience in C++, Javascript, Python, Go
Experience with Splunk


We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

Thank you for your interest in Splunk!

How to Apply

Please email hparekh@splunk.com

This document was retrieved from http://www.rsaconference.com/jobs/view/1200 on Tue, 19 Feb 2019 03:56:41 -0500.