Senior Software Engineer; Splunk Attack Analyzer

Cisco, posted 4 months ago
San Francisco, CA, United States
Remote
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

As a Senior Staff Software Engineer (Splunk Attack Analyzer), you’ll play a crucial leadership role in architecting, building, and improving systems that defend against cyber threats including phishing, malware, and malicious content delivered via URLs, emails, files, and QR codes. You will drive the development of advanced automated threat analysis tools, optimize backend code for detection capabilities, and mentor the next generation of engineers. This role, reporting within the Splunk Attack Analyzer (SAA) team, is central to streamlining security threat analysis and delivering forensic evidence and metadata to customers via API and Portal.

Key Responsibilities

  • Architect, design, and implement detection‑as‑code and security automation features to identify threats and protect systems and data at scale.
  • Lead technical investigations, including the analysis, triage, and resolution of complex false positives and false negatives reported by customers and detection analysts.
  • Enhance and maintain detection capabilities in existing security platforms while continuously improving detection coverage, fidelity, and performance.
  • Champion secure coding best practices by delivering high‑quality, maintainable, and well‑tested detection code and conducting design and code reviews.
  • Debug and resolve advanced detection issues, including tuning alerts and investigating false positives/negatives.
  • Actively participate in Agile workflows, assist in sprint planning, and collaborate with cross‑functional partners.
  • Shape CI/CD, testing, and automation strategies for detection pipelines in cloud environments.
  • Develop deep product and threat landscape knowledge to deliver user‑focused, effective security detections.
  • Mentor and coach junior engineers, fostering a culture of technical excellence and growth.

Required Qualifications

  • Experience & Education: 12+ years of professional experience with a Bachelor’s degree, or 8+ years with a Master’s degree, or 5+ years with a PhD in Computer Science, Engineering, Cybersecurity, or a related field.
  • Security Expertise: Proven hands‑on experience in software or security engineering with deep expertise in security detection, monitoring, or incident response.
  • Programming Skills: Advanced proficiency in Python or Go with a strong track record in developing robust detection logic or security tooling.
  • File Analysis: In‑depth understanding of file formats commonly abused by attackers, including experience with writing decoders and reverse engineering.
  • Browser Security: Strong grasp of browser internals including HTML, JavaScript execution, DOM manipulation, and the security implications of active web content.
  • Security Operations: Expertise in security operations concepts such as attack techniques (MITRE ATT&CK), log analysis, and threat hunting.
  • Design & Development: Demonstrated ability to drive feature and platform design with advanced programming skills.
  • Best Practices & Leadership: Proven record of setting high coding standards, leading code reviews, and participating in technical strategy and sprint planning.
  • Product Expertise: Deep understanding of the product with expert-level knowledge of key feature areas, along with the ability to troubleshoot complex customer issues.

Required Skills

Security Detection
CI/CD
Python
Agile Methodology
Web Security
Reverse Engineering
File Format Analysis
Automation
Threat Analysis
Go