Principal Security Research Engineer

Splunk

San Francisco, CA

Industry: Enterprise Technology


5 - 7 years

Job Summary

Splunk Security Research is committed to delivering actionable intelligence to Splunk's customers. We are looking for a Principal Security Research Engineer to join our growing team. You will develop new tools and techniques that help security operators analyze threats, and you will craft and release detection, investigation and response content for multiple Splunk products. You will have a hand in mentoring and growing team members. You will work closely with Splunk teams across multiple product areas (data scientists, product managers and engineers) to influence the development of new capabilities for Splunk software and to enable the research team to leverage the best of Splunk. You will contribute to the development and implementation of security tools, machine learning models, infrastructure as code, and security content. This position requires software development experience, along with experience with DevOps tooling, machine learning, analysis of large data sets and development of automation. You must also have knowledge of and experience with a range of security detection and monitoring tools, with an understanding of what each provides and how it contributes to an effective security program.

Job Responsibilities

  • Lead team initiatives and improvements, and extend the company-wide impact of the research team
  • Research attacks against on-prem and cloud technologies and deployments
  • Develop security content for detection, investigation, and response
  • Develop and execute emerging attacks commonly used in the wild
  • Analyze data sources and technologies and determine their suitability for detection and response
  • Contribute to the security community through conference talks, patent filings, and internal and external papers and presentations
  • Prototype new detection techniques, workflows and automation for security operations

Job Requirements

  • Experience leading or influencing groundbreaking projects
  • Passion for mentoring highly motivated junior team members
  • Experience in a security research or DFIR role
  • Experience with Splunk Enterprise
  • Deep understanding of common threats and their detection, investigation and response
  • Deep knowledge of at least one major operating system and of packet analysis tools is a huge plus
  • Familiarity with cloud technologies, Docker, Kubernetes (K8s), Vagrant/Terraform and CI/CD
  • Proven public speaking at security conferences and pride in published papers and patents
  • Experience developing analytics and detections (Snort, Suricata, Splunk, ML)
  • Experience with machine learning technologies and feature engineering
  • Ability to develop complex projects (for example, web applications or APIs)