The Product Security team members at Splunk ensure the security of our products and serve as subject matter experts for our engineering teams and Splunk partners to protect our customers' data in today's rapidly evolving threat landscape.
You will be a part of an exciting new Red Team initiative and will be responsible for penetration testing Splunk's suite of products (on-prem and cloud). You will be the go-to person for researching new threats, executing creative exploits and establishing an internal penetration testing lab. In addition, you will work with external researchers and external penetration testing vendors to ensure that all publicly known vulnerabilities are appropriately addressed by Splunk.
You will be an ideal candidate if you:
Have significant penetration testing experience and offensive capabilities in numerous core competency areas primarily in applications, but networks, infrastructure (cloud and on-prem) and mobile.
Track the latest developments in vulnerability research, and how they may impact Splunk or its customers.
Have a proven track record in participating in bug bounties.
Having a few CVEs in your name or public street cred (blogs, research, education) a big plus.
Have experience using standard tools for penetration testing and have the ability to develop tooling to solve new needs.
3 Years' experience in application, mobile and infrastructure penetration testing.
Strong understanding of vulnerabilities, common attack vectors and how to resolve them.
Attacker mindset: ability to think about different threats and creative attack vectors.
Well-rounded background in host, network, mobile and application security.
Effective written and oral communication
Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
Experience with Splunk
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.