Principal, Vulnerability Management Engineer (Costa Rica)

Description

About The Role

What you'll get to do

• Build solutions/capabilities within the scope of Vulnerability Management to further improve Splunk’s Vulnerability Management Program (e.g., automation, data analysis, process development)
• Analyze vulnerability data/Identifying trends to perform root-cause analysis
• Assist in development of new security standards and baselines
• Perform vulnerability assessments and act as a point of contact for engineering teams to drive remediation of security concerns and active incidents.
• Respond to emerging security events and threats
• Triage vulnerabilities to provide company specific severity guidance
• Ensure remediation team compliance to regulatory standards
• Comfortably lead security discussions, vulnerability assessments, propose and discuss solutions to security tools that are directly related to their area of focus.

Must-have Qualifications

• 8+ years of experience in a vulnerability management engineer (or related information security role) capacity with a Bachelor's degree in computer science, information systems, or related degree
• Must have experience with vulnerability management or assessments and security concepts
• Proven proficiency with vulnerability scanning and management platforms such as Tenable, Qualys, Rapid7, or similar
• Familiarity with how to assess and implement external configuration compliance standards such as CIS Benchmarks and DISA STIGs
• Experience with risk-based vulnerability management, including threat modeling, CVSS scoring, and prioritization methodologies
• In depth knowledge on the best remediation techniques for different vulnerabilities and the ability to explain them to engineering teams.
• Strong analytical and problem-solving skills, with an ability to balance security needs with business impact
• Knowledge of common security threats, such as attack-techniques, evasive techniques, and preventative & defensive methods.
• Understanding of security features in Container and Container Orchestration technologies (Docker, Kubernetes, etc).
• Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices.
• Familiarity of compliance requirements for certifications like PCI DSS, SOC2, HIPAA, FedRAMP
• Experience addressing systemic security issues through root cause analysis, building security solutions, and project leadership.

Nice-to-have Qualifications

• Functional in using Splunk Search Processing Language (SPL)

Splunk is an Equal Opportunity Employer

Note:

Thank you for your interest in Splunk!