3 Security Tooling Jobs

As a member of the Software Security Engineering team at Splunk, a Cisco company, you will play a crucial role in tackling sophisticated security challenges at scale. Working closely with product development teams, you will be responsible for implementing secure software practices across Splunk's entire product portfolio. By analyzing evolving vulnerability patterns and real-world attack tactics, you will contribute to crafting innovative security solutions that safeguard Splunk's industry-leading products. Collaborating with Product Security, Risk, and Compliance teams, you will ensure that Splunk not only meets but exceeds new policy and regulatory requirements. The Global Security Team at Splunk is dedicated to building a safer and more resilient digital world. While our customers appreciate our unified security and observability platform, it is our employees who truly make Splunk a standout career destination. We value authenticity and encourage our employees to bring their whole selves to work, including their work experience, problem-solving skills, and unique passions. In this role, you will have the opportunity to: - Analyze emerging code vulnerability trends and research real-world attack patterns to address evolving security threats proactively. - Design and implement sophisticated security mechanisms to protect Splunk's products from vulnerabilities and attacks. - Work closely with cross-functional teams, including Product Development, Product Security, Risk, and Compliance, to integrate security into every phase of the software development lifecycle. - Contribute to shaping Splunk's security strategy by implementing secure coding standards and vulnerability management practices. - Ensure regulatory compliance by staying aligned with the latest policy and regulatory requirements. To be successful in this role, you should have: - A minimum of 4 years of experience in software security, with a deep understanding of secure coding practices, vulnerability management, and common security flaws. - Proficiency in programming languages such as Python, Java, C++, or Go, with the ability to identify and remediate security issues in code. - Knowledge of risk management principles and popular regulatory requirements such as FEDRAMP, HIPAA, and SOC 2. - Strong analytical and problem-solving skills to address sophisticated security challenges at scale. - A Bachelor's degree in Computer Science, Security, or equivalent work experience. Nice-to-have qualifications include familiarity with threat modeling techniques, experience in implementing security tooling and automation within software build pipelines, and security certifications such as CompTIA Security+ or GIAC Security Essentials. While these qualifications are desirable, we value the whole individual and encourage candidates to apply even if they do not meet all the criteria. Splunk is committed to creating an inclusive and diverse work environment and is an Equal Opportunity Employer. Join us in our mission to build a safer digital world and make a meaningful impact on the future of security at Splunk.,

The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in software applications throughout the Software Development Life Cycle (SDLC). As a key member of the in-house Red Team, your focus will be on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen the overall security posture. Your responsibilities will include planning and executing realistic attack simulations against web, mobile, and desktop applications, developing custom exploits, tools, and techniques to mimic advanced threat actors, and conducting social engineering campaigns to assess employee awareness. You will also be responsible for in-depth penetration testing of applications, networks, and systems, identifying and exploiting complex vulnerabilities, and developing detailed penetration test reports with actionable recommendations. In addition, you will conduct code reviews from an offensive perspective, provide guidance on secure coding practices, and develop secure coding guidelines. Staying up-to-date on the latest security threats, vulnerabilities, and exploit techniques will be crucial, as you will be conducting vulnerability research, developing custom exploits and tools, and integrating security testing into the SDLC. You will also collaborate with development teams, participate in design reviews, and promote a security-conscious culture within the organization. Validating and verifying the effectiveness of vulnerability remediation efforts, retesting remediated vulnerabilities, evaluating and customizing offensive security tools, and automating red teaming and penetration testing processes will also be part of your role. Your technical skills should include expert proficiency in programming languages, a strong understanding of web application vulnerabilities, experience with penetration testing tools and frameworks, cloud security principles, authentication and authorization mechanisms, and network protocols. The ideal candidate will have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, along with at least 8 years of experience in application security, penetration testing, or red teaming. Certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Expert (OSCE), and Offensive Security Web Expert (OSWE) are highly preferred.,

Principal Application Security Engineer / Architect Location: Gurgaon, India (Hybrid 2 days/week in office) Department: Information Security / Application Security Reports To: Manager, Application Security Experience: 12+ years in cybersecurity, with a significant focus on application security and security architecture Employment Type: Full-time | Hybrid- 2 days/week Who You Are: You are a highly experienced and visionary security professional with deep expertise in application security, architecture, and secure software development. Youre not only a strategist and a technical authority, but also someone who remains hands-on when it matters. You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction. You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise. You also play a pivotal role in Cvents Application Security Research & Engineering (ASRE) programguiding the development of internal tooling, automation, and innovative approaches to secure software at scale. What You'll Do: Design and own secure application architectures across Cvents product landscape, including SaaS platforms, mobile apps, APIs, and cloud-native services. Define and evolve application security strategy, driving initiatives that align with Cvents product roadmap and risk posture. Lead architecture reviews, threat modeling sessions, and risk assessments for high-impact products and features, including those involving AI/ML pipelines. Engineer and advocate scalable security solutions, from reusable libraries and security design patterns to tooling integrations within the SDLC. Build and maintain relationships with engineering leaders, product managers, and infrastructure teams to champion security-by-design principles. Partner with ASRE to define and drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation. Serve as the security technical authority during escalations, post-incident reviews, customer audits, and design sprints. Provide technical leadership to the broader AppSec team, mentoring Senior and Lead engineers and participating in hiring and capability building. Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience. What You Bring: 12+ years of experience in information security, with a strong focus on application security, architecture design, and secure development practices. Deep understanding of secure software development lifecycles (SDLC), secure design principles, and modern threat landscapes (including AI/ML risks, supply chain, cloud-native, and microservices). Proven ability to architect secure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems. Expertise in performing and leading threat modeling, code reviews, and architecture risk assessments. Strong coding and scripting skills (e.g., Python, Java, JavaScript, TypeScript, etc.); ability to prototype tools or support ASRE initiatives directly. Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis). Familiarity with cloud security and native controls (AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform. Excellent communication skills with a proven ability to influence both technical and executive stakeholders. Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF. Bonus If You Have: Experience building security frameworks or reference architectures adopted across multiple product teams. Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development. Knowledge of emerging AI security threats (adversarial ML, model poisoning, privacy leakage, etc.). Certifications such as AWS Certified Solutions ArchitectAssociate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification. Why You'll Love This Role: You'll define and influence the security architecture of platforms used by thousands of customers worldwide. You'll work on high-impact initiatives with the authority to shape how security is donenot just today, but for the long term. You'll help grow and mentor a world-class AppSec team while staying close to the technology you love. You'll drive an engineering-led security culture alongside leadership that supports security investment, research, and innovation.