Senior Incident Response Analyst

Full Time
San Francisco, CA
Areas of Interest: Incident Response
Overview
We are looking for fast thinking, A-team players to join our company.
So if you're looking for an incredible place to work that celebrates innovation, leadership and creativity, please contact us. Splunk offers competitive compensation and excellent benefits. When you join Splunk you'll be working with a team of wicked-smart people who are passionate about our products and our customers' success.


Do you have strong technical experience leading or building an Incident Response team? Do you want to work in a high-growth, well-respected, fast-paced tech company? If you said yes to each of the questions above, then we have an opportunity for you. In this role, you will help develop and implement a CSIRT to protect Splunk. You will also lead the technical aspects of the program. This is very much a hands-on, chasing-badness job.

Responsibilities

  • Provide technical leadership guiding the development and evolution of our security monitoring platform as well as our detection and response procedures.
  • Investigate potential threats, notable events, and suspicious activity, then lead our technical response.
  • Monitor and analyze security events and identify trends, attacks, and potential threats.
  • Ensure that all incidents are recorded and tracked to meet audit and legal requirements where necessary.
  • Provide continuous metrics and performance indicators to the leadership team highlighting the effectiveness of the detection and mitigation capability.
  • Maintain knowledge of the threat landscape by monitoring OSINT and related sources.
  • Serve as a senior mentor to CSIRT staff.

Requirements

  • Strong experience with designing and operating security monitoring platforms (SIEM) and intrusion detection solutions, as well as with IOCs.
  • Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
  • Experience with Incident Response methodology in investigations, and with the groups behind targeted attacks and their tactics, techniques, and procedures (TTPs).
  • Incident Management: analysis, detection and handling of security events.
  • Comprehension of how attacks exploit operating systems and protocols.
  • Must understand how to analyze network traffic for suspicious and malicious activity.
  • Hands-on experience with security technologies:
    • Endpoint Detection & Response (EDR) tools: FireEye HX, Carbon Black, SentinelOne, GRR, etc.
    • Intrusion Detection & Prevention (IDP): Sourcefire, Snort, Bro, Security Onion
    • Next-Gen IDS: FireEye NX, Cisco Firepower, Palo Alto WildFire
    • Security Information & Event Management (SIEM): Splunk preferred
    • Network Analysis tools: Wireshark, tcpdump
    • Full Packet Capture: NetWitness, FireEye PX, etc.
  • Experience in multiple operating systems such as Windows, BSD, Linux, or macOS.
    • Strong Linux experience is a must.
  • Experience with scripting in Python, Bash, or PowerShell.
  • Strong understanding of network protocols (TCP / UDP).
  • Ability to summarize events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal form.

Desired

  • Experience using and extending Splunk is a plus.
  • Incident Response experience in a macOS environment is a plus.
  • CISSP, GIAC, GCIH, or other security-related certification.
  • Threat hunting experience.
  • Hands-on experience with security technologies:
    • Malware Sandboxing and analysis: Cuckoo, YARA, Volatility, etc.
    • Full Packet Capture: NetWitness, FireEye PX
  • Knowledge of databases: Oracle, MySQL.
  • Experience in Ethical Hacking or Red Team.
  • Ability to reverse engineer malware.

About Splunk
Splunk was founded to pursue a disruptive new vision: make machine data accessible, usable and valuable to everyone. Machine data is a fast-growing and pervasive part of “big data”, generated by every component of IT infrastructures, applications, mobile phone location data, website clickstreams, social data, sensors, RFID and much more.

Splunk is focused specifically on the challenges and opportunity of effectively managing massive amounts of machine data, and on providing a next-generation platform for powerful new applications. Since shipping its software in 2006, Splunk has grown to over 10,000 customers in 100 countries around the world. These organizations use Splunk to harness the power of their machine data for application management, IT operations and infrastructure management, cybersecurity, compliance, web intelligence, business analytics and more. Innovation is in our DNA, from technology to the way we do business. Splunk software has become a platform for machine data!

Splunk has more than 1,700 global employees, with headquarters in San Francisco, an office in Cupertino, CA and regional headquarters in London, Hong Kong and Singapore.

We’ve built a phenomenal foundation for success with a proven leadership team, highly passionate employees and unique patented software. We invite you to help us continue our drive to define a new industry and become part of an innovative and disruptive software company.

Benefits & Perks: Wow! This is really cool!
San Francisco Only
Medical, full company paid Dental, Vision and Life Insurance, Flexible Spending and Dependent Care Accounts, Commuter Accounts, Employee Stock Purchase Plan (ESPP), 401(k), 3 weeks of PTO, sick leave, stocked micro kitchens in Splunk offices, catered lunches on Mondays, catered breakfast on Fridays, basketball hoops, ping pong, arcade games, BBQ’s, soccer, “Fun Fridays”.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Non San Francisco
Medical, full company paid Dental, Vision and Life Insurance, Flexible Spending and Dependent Care Accounts, Commuter Accounts, Employee Stock Purchase Plan (ESPP), 401(k), 3 weeks of PTO and sick leave. Our work environments vary by location; however, we believe in hosting amenities and fun activities to fuel our energy. You may find fully stocked micro kitchens, catered lunches on Mondays and breakfast on Fridays, basketball hoops, ping pong, arcade games, BBQ’s, soccer and “Fun Fridays”.

This isn’t a job – it’s a life changer – are you ready?

Individuals seeking employment at Splunk are considered without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Please review the US Department of Labor’s EEO is The Law notice and Splunk's EEO Policy Statement.

Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to accessiblecareers@splunk.com. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.


Splunk

Splunk Inc. (NASDAQ: SPLK) was founded to pursue a disruptive new vision: make machine data accessible, usable and valuable to everyone. Machine data is one of the fastest growing and most valuable parts of big data, generated by every component of IT infrastructures, applications, mobile devices, website clickstreams, social data, sensors and more.

Splunk is the leading software platform for machine data that enables customers to gain real-time Operational Intelligence. Our company's mission is to address the challenges and opportunities of managing massive streams of machine-generated big data. More than three quarters of the Fortune 100 and thousands of enterprises, universities, government agencies and service providers use Splunk software to harness the power of their machine data for application management, IT operations, security, web intelligence, customer and business analytics and more.

Splunk helps customers solve problems in ways they could never have dreamed of before. With Splunk, all you need is a browser and your imagination.

Specialties
Machine Data To Operational Intelligence
Company Industry: Computer Software
Company Type: Public Company
Company Size: 1,001-5,000