Senior Security Engineer - Product Security Incident Response Team (PSIRT)

Splunk San Francisco, CA 94118

Posted 3 months ago

Senior Security Engineer Product Security Incident Response Team (PSIRT) and Vulnerability Management

Come and join our growing Splunk PSIR (Product Security Incident Response) team of Security Engineers; be a part of a high-powered and high-performing team that regularly works across the entire organization, with everyone from product teams to executives. Urgent escalations from enterprise customers, investigating open source vulnerabilities, performing variant analysis, root cause analysis, working with security researchers and a regular patching cycle are all core to this role. The work is diverse, has executive-level visibility, and is ever-changing.

Splunk PSIRT (Product Security Incident Response Team) is responsible for:

  • Splunk product vulnerability management process for on-premise and cloud Splunk products and applications.

  • Coordination of customer/external product security incidents and reported security issues affecting various Splunk products and applications.

  • Working cross-functionally with all business units, sustaining engineers, product security team members, customer support, legal and external security researchers to ensure timely resolution of security incidents and events.

  • Development, maintenance and continuous improvement of the product security incident monitoring, detection and response tools and process, including all required supporting materials.

  • Leading post-incident reviews for presentation to management.

We are looking for a new team member who will be responsible for performing the following activities:

  • Lead and own the Vulnerability Management Process - triage security-related issues (external/internal) and verify them on different Splunk versions and products.

  • Perform variant analysis and root cause analysis to find systematic bugs.

  • Triage code-defect-based issues, quantitatively evaluate risk and provide guidance to engineering teams regarding the impact of security issues using industry-standard metrics such as CVSS.

  • Investigate, track and remediate open source vulnerabilities.

  • Work closely with project management, product management, engineering and sustaining teams to drive issues to closure.

  • Track and report on remediation efforts.

  • Improve and perform the Security Advisory Process.

  • Actively hunt for bugs in Splunk products and applications using various static code analysis, dynamic analysis, variant analysis and pen testing tools. Provide input to tools and pen test team to enable systemic issue identification.

  • Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration. Work with customer-facing and internal teams to continually improve processes used to identify and fix product security issues.

  • Enhance the existing product security incident response program.


  • Bachelor's/Master's in Computer Science or equivalent

  • Relevant information security certifications, such as SANS/GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH), SANS GPEN, or Offensive Security OSCP/OSCE


  • Minimum 5-7 years of Application Security Experience

  • At least two to three years of experience with CSIRT, CIRT, PSIRT functions

  • Solid understanding of OWASP Top 10

  • Understands common classes of product security vulnerabilities and attack/defense methodologies deeply

  • Experience with issue management as well as designing/defining proactive mitigation strategies

  • Strong written and verbal communications skills

  • Proven ability to build relationships and influence individuals at all levels, as well as external security researchers, vendors and service providers

  • Able to learn new languages

  • Experience with various application security tools - Static code analysis, dynamic code analysis, vulnerability scanning, pen testing

  • Ability to track and lead numerous parallel activities

  • Good understanding of Windows and Linux Operating systems

  • AWS/Cloud Experience a strong plus

  • Bug bounty program participation a plus

  • Knowledge of the security research community is a strong plus

  • Scripting skills (e.g. Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python) is a significant plus!

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

