Software Engineer (Attack Analyzer)

NeuralFabric

Software Engineering
Kraków, Poland · Warsaw, Poland · Gdańsk, Poland
Posted on Jan 30, 2026

Software Engineer - Attack Analyzer

Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So, bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back.

Role Summary

As a Software Engineer, you’ll play a vital role in building and improving systems that defend against cyber threats like phishing, malware, and malicious content delivered via URLs, emails, files, and QR codes. You’ll contribute to the development of automated threat analysis tools that enhance our customers’ security. If you're passionate about cybersecurity and excited to grow your skills while making a real-world impact, we encourage you to apply. Your work will help strengthen cyber defenses and protect organizations from evolving threats.

Meet the Team

The Splunk Attack Analyzer (SAA) team streamlines security threat analysis, providing forensic evidence and metadata to customers via API and Portal. As a Software Engineer, you'll orchestrate the optimization of backend code and detection capabilities, focusing on automated URL and file analysis and web navigation. You'll help build innovative solutions to overcome the challenges posed by threat actors.

Key Responsibilities

Develop detection-as-code and security automation features to identify threats and protect systems and data.

Analyze, triage, and respond to code-related false positives and false negatives reported by customers and detection analysts.

Enhance and maintain detection capabilities in existing security platforms; contribute to continuous improvement of detection coverage and fidelity.

Follow secure coding best practices and maintain high-quality, maintainable, and well-tested detection code.

Participate in design and code reviews, contributing to technical documentation and knowledge sharing.

Debug and resolve detection issues, including tuning alerts and investigating false positives/negatives.

Engage in Agile workflows, participate in sprint planning, and collaborate closely with team members.

Contribute to CI/CD, testing, and automation efforts for detection pipelines in cloud environments.

Build product and threat landscape knowledge to deliver user-focused, effective security detections.

Required Qualifications:

Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related field, or equivalent practical experience.

3–4 years of professional experience in software engineering or security engineering, with direct exposure to security detection, monitoring, or incident response.

Proficiency in Python or Go, with hands-on experience developing detection logic or security tooling.

Proficient in using and configuring HTTP Inspect and other preprocessors to decode and inspect payloads such as normalized JavaScript, compressed files, and email attachments for security threats.

Understanding of browser internals, including HTML and JavaScript execution, DOM manipulation, and security implications of active content in web browsers.

Familiarity with security operations concepts, including attack techniques (MITRE ATT&CK), log analysis, threat hunting, and secure coding practices.

Understanding of software design principles for building scalable and maintainable detection systems.

Experience with cloud platforms (e.g., AWS).

Comfortable working with development tools such as Git, CI/CD pipelines, Docker, and Kubernetes.

Solid debugging and problem-solving skills, particularly as they relate to detection and alerting logic.

Strong communication skills and ability to work collaboratively within a cross-functional team.

Eagerness to learn, receive feedback, and continuously develop technical skills in the detection engineering domain.

Key Proficiencies:

Contributes to feature design and development with solid programming skills.

Follows best practices and participates in code reviews.

Writes well-tested code with appropriate test coverage.

Troubleshoots and resolves low-complexity customer issues.

Supports system operations at the team’s level.

Participates in sprint estimation and planning.

Understands the product and has deep knowledge of their feature area.

Participates in an on-call rotation to support the systems and respond to incidents as needed.

Why Cisco?

At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.

We are Cisco, and our power starts with you.