Senior Security Analyst/Engineer - Product Security Incident Response Team (PSIRT)
San Francisco, CA

Job Description

Senior Security Analyst - Product Security Incident Response Team (PSIRT) and Vulnerability Management

Come and join our growing Splunk PSIR (Product Security Incident Response)team of Security Engineers; be a part of a high-powered and high-performing team that regularly works across the entire organization, with everyone from product teams to executives. Urgent escalations from enterprise customers, investigating open source vulnerabilities, performing variant analysis, root cause analysis, working with security researchers and a regular patching cycle are all core to this role. The work is diverse, has executive level visibility, and is ever changing. Splunk PSIRT (Product Security Incident Response Team) is responsible for:

* Splunk product vulnerability management process for on-premise and cloud Splunk products and applications.
* Coordination of customer/external product security incidents and reported security issues affecting various Splunk products and applications.
* Working cross-functionally with all business units, sustaining engineers, product security team members, customer support, legal and external security researchers to ensure timely resolution of security incidents and events.
* Development, maintenance and continuous improvement of the product security incident monitoring, detection and response tools and process, including all required supporting materials.
* Leading post-incident reviews for presentation to management.

We are looking for a new team member who will be responsible to perform following activities:

* Lead and own Vulnerability Management Process - triage security related issues (external / internal), verify those on different Splunk versions, products.
* Perform variant analysis and root cause analysis to find systematic bugs.
* Triage code defect based issues, quantitatively evaluate risk and provide guidance to engineering teams regarding the impact of security issues using industry standard metrics such as CVSS.
* Investigate, track and remediate open source vulnerabilities.
* Work closely with project management, product management, engineering and sustaining teams to drive issues to closure.
* Track and report on remediation efforts.
* Improve and perform Security Advisory Process.
* Actively hunt for bugs in Splunk products and applications using various static code analysis, dynamic analysis, variant analysis and pen testing tools. Provide input to tools and pen test team to enable systemic issue identification.
* Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration. Work with customer facing and internal teams to continually improve processes used to identify and fix product security issues
* Enhance existing product security incident response program

Education:

* Bachelor's/Master's in Computer Science or equivalent
* Relevant information security certifications, such as SANS/GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH), SANS GPEN, or Offensive Security OSCP/OSCE

Requirements:

* Minimum 5-7 years of Application Security Experience
* At least two-three years of experience with CSIRT, CIRT, PSIRT functions
* Solid understanding of OWASP Top 10
* Understands common classes of product security vulnerabilities and attack/defense methodologies deeply
* Experience with issue management as well as designing/defining proactive mitigation strategies
* Strong written and verbal communications skills
* Proven ability to build relationships and influence individuals at all levels, as well as external security researchers, vendors and service providers
* Able to learn new languages
* Experience with various application security tools - Static code analysis, dynamic code analysis, vulnerability scanning, pen testing
* Ability to track and lead numerous parallel activities
* Good understanding of Windows and Linux Operating systems
* Understands common classes of product security vulnerabilities and attack/defense methodologies deeply
* AWS/Cloud Experience a strong plus
* Bug bounty program participation a plus
* Knowledge of the security research community is a strong plus
* Scripting skills (i.e. Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python) is a significant plus!

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.