Senior Application Security Penetration Tester (US Remote Available)

Apply for this position Please mention DailyRemote when applying
Posted 11 days ago United States Salary undisclosed
Before you apply - make sure the job is legit.

Attempting to apply for jobs might take you off this site to a different website not owned by us. Any consequence as a result for attempting to apply for jobs is strictly at your own risk and we assume no liability.

Job Description

About Splunk We have a disruptive new vision to make machine data accessible, usable, and valuable to everyone. Our engineers are passionate about our products and our customers demand more of it. At Splunk, we're committed to our people, customers and having fun at work! Splunk is an industry leader in the "Data to Everything" platform and is well-positioned to extend the lead with our bold new vision. About The Role You will be a Senior member of the Penetration Testing team, and will be responsible for testing all of Splunk's customer-facing products, and helping mature the offensive security program at Splunk. This role involves crafting attack plans, carrying out pen test engagements, and writing up reports for development teams with detailed descriptions of findings and recommendations. You'll also consult with members of the Product Security team to provide insight into vulnerabilities and appropriate security controls to build as well as secure development practices. As Splunk's business rapidly shifts to cloud-based services, crucial for the role is an understanding of cloud delivery models for building and deploying applications. Challenges in this role include: understanding the diverse Splunk product portfolio, risk-based prioritization, ensuring penetration testing coverage, remediation guidance, secure design pattern consulting, incident response guidance, and bug bounty decisions. You will be an ideal candidate if you: Have significant hands on penetration testing experience and offensive capabilities in numerous core competency areas including web applications, mobile applications, networks, Multi Tier architecture or Distributed Systems Have a mature understanding of coverage and risk as a outcome of pentesting as it relates to product security posture and business needs Track and research the latest developments in vulnerability research Have the ability to develop or adapt custom tooling to solve new needs Ability to teach and provide feedback to coworkers Ability to be accountable for internal programs related to the work area. Have the ability to build relationships with engineering teams to drive Splunk products to a mature security state Required Skills: 7-9+ years of demonstrated ability in application level penetration testing Strong understanding of vulnerabilities, common attack vectors and how to resolve them Ability to quickly comprehend and digest application/systems designs Attacker mindset: ability to think creatively about relevant threats and attacks Ability to prioritize and lead others in a pentest through an attack plan on complex application and systems designs Well-rounded background in application, network, and system security Familiarity with public cloud platforms (preferably AWS and GCP) Effective written and verbal communication Desired Skills: Experience with Splunk products Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications Relevant development/scripting/automation experience in C++, Javascript, Python, Go Familiarity with "big data" and distributed systems technology Ability to drive efforts as a SME: thinking in whole systems, working within and between teams to have a positive security impact We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records. Note: Splunk provides flexibility and choice in the working arrangement for most roles, including remote and/or in-office roles. We have a market-based pay structure which varies by location. Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location as set out below, as well as the knowledge, skills and experience of the candidate. In addition to base pay, this role is eligible for incentive compensation and benefits, and may be eligible for equity. Benefits are an important part of Splunk's Total Rewards package. This role is eligible for a competitive benefits package which includes medical, dental, vision, a 401(k) plan and match, paid time off, an ESPP and much more! Learn more about our comprehensive benefits and wellbeing offering here. Base Pay Range SF Bay Area, Seattle Metro, and New York City Metro Area Base Pay Range: $156,000 - 214,500 per year California (excludes SF Bay Area), Washington (excludes Seattle Metro), Washington DC Metro, and Massachusetts Base Pay Range: $146,400 - 201,300 per year All other cities and states excluding California, Washington, Massachusetts, New York City Metro Area and Washington DC Metro Area. Base Pay Range: $132,800 - 182,600 per year