Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back. **About The Role** Do you enjoy securing products which have a global impact? As a Senior Vulnerability Management Engineer you will lead security and vulnerability assessments in collaboration with internal teams, identify new capabilities for our Vulnerability Management Program, and assist in the development of other engineers to assure the security of Splunk products. This role will report to the Manager, of Vulnerability Management. We are a passionate team who has fun, enjoys a good laugh, but above all else thinks security first. If you are passionate about and have an advanced level of working knowledge in information security, have a desire to always learn and improve, as well as mentor others this job is for you! **What you'll get to do** + Build solutions/capabilities within the scope of Vulnerability Management to further improve Splunk’s Vulnerability Management Program (e.g., automation, data analysis, process development) + Analyze vulnerability data/Identifying trends to perform root-cause analysis + Assist in development of new security standards and baselines + Perform vulnerability assessments and act as a point of contact for engineering teams to drive remediation of security concerns and active incidents. + Respond to emerging security events and threats + Triage vulnerabilities to provide company specific severity guidance + Ensure remediation team compliance to regulatory standards + Comfortably lead security discussions, vulnerability assessments, propose and discuss solutions to security tools that are directly related to their area of focus. **Must-have Qualifications** + 10+ years of experience in a vulnerability management engineer (or related information security role) capacity with a Bachelor's degree in computer science, information systems, or related degree + Must have experience with vulnerability management or assessments and security concepts + Proven proficiency with vulnerability scanning and management platforms such as Tenable, Qualys, Rapid7, or similar + Familiarity with how to assess and implement external configuration compliance standards such as CIS Benchmarks and DISA STIGs + Experience with risk-based vulnerability management, including threat modeling, CVSS scoring, and prioritization methodologies + In depth knowledge on the best remediation techniques for different vulnerabilities and the ability to explain them to engineering teams. + Strong analytical and problem-solving skills, with an ability to balance security needs with business impact + Knowledge of common security threats, such as attack-techniques, evasive techniques, and preventative & defensive methods. + Understanding of security features in Container and Container Orchestration technologies (Docker, Kubernetes, etc). + Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices. + Familiarity of compliance requirements for certifications like PCI DSS, SOC2, HIPAA, + Experience addressing systemic security issues through root cause analysis, building security solutions, and project leadership. **Nice-to-have Qualifications** We’ve taken special care to separate the must-have qualifications from the nice-to-haves. “Nice-to-have” means just that: Nice. To. Have. So, don’t worry if you can’t check off every box. We’re not hiring a list of bullet points–we’re interested in the whole you. + Functional in using Splunk Search Processing Language (SPL) **Splunk is an Equal Opportunity Employer** Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Note: