Software Engineer (Attack Analyzer)

Cisco
3 Locations
Posted 4 March 2026

Job Description

Software Engineer - Attack Analyzer

Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So, bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back.

Role Summary

As a Software Engineer, you’ll play a vital role in building and improving systems that defend against cyber threats like phishing, malware, and malicious content delivered via URLs, emails, files, and QR codes. You’ll contribute to the development of automated threat analysis tools that enhance our customers’ security. If you're passionate about cybersecurity and excited to grow your skills while making a real-world impact, we encourage you to apply. Your work will help strengthen cyber defenses and protect organizations from evolving threats.

Meet the Team

The Splunk Attack Analyzer (SAA) team streamlines security threat analysis, providing forensic evidence and metadata to customers via API and Portal. As a Software Engineer, you'll orchestrate the optimization of backend code and detection capabilities, focusing on automated URL, file analysis, and web navigation. You'll help with innovative solutions to overcome challenges posed by the threat actors.

Key Responsibilities

● Detection as code and security automation features to identify threats and protect systems and data.
● Analyze, triage, and respond to customer and detection analyst reported code related false positives and false negatives
● Enhance and maintain detection capabilities in existing security platforms; contribute to continuous improvement of detection coverage and fidelity.
● Follow secure coding best practices and maintain high-quality, maintainable, and well-tested detection code.
● Participate in design and code reviews, contributing to technical documentation and knowledge sharing.
● Debug and resolve detection issues, including tuning alerts and investigating false positives/negatives.
● Engage in Agile workflows, participate in sprint planning, and collaborate closely with team members.
● Contribute to CI/CD, testing, and automation efforts for detection pipelines in cloud environments.
● Build product and threat landscape knowledge to deliver user-focused, effective security detections.

Required Qualifications:

● Bachelor’s degree in Computer Science, Engineering, Cybersecurity, equivalent practical experience or related field.
● 3–4 years of professional experience in software engineering or security engineering, with direct exposure to security detection, monitoring, or incident response.
● Proficiency in Python or Go, with hands-on experience developing detection logic or security tooling.
● Proficient in using and configuring HTTP Inspect and other preprocessors to decode and inspect payloads such as normalized JavaScript, compressed files, and email attachments for security threats.
● Understanding of browser internals, including HTML and JavaScript execution, DOM manipulation, and security implications of active content in web browsers.
● Familiarity with security operations concepts, including attack techniques (MITRE ATT&CK), log analysis, threat hunting, and secure coding practices.
● Understanding software design principles for building scalable and maintainable detection systems.
● Experience with cloud platforms (e.g., AWS).
● Comfortable working with development tools such as Git, CI/CD pipelines, Docker, and Kubernetes.
● Solid debugging and p ... (truncated, view full listing at source)