Company Overview
About the job
Join us as we pursue our ground-breaking new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most meaningfully to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
Role Summary
Join our team, formerly known as TwinWave, in developing phishing detections for our cutting-edge, microservice-based threat analysis pipeline. This role involves creating new phishing detection logic and technologies, utilizing our existing analysis engines and detection languages.
Team Dynamics
Our team is made up of a diverse mix of talents, including developers, analysts, researchers, and hybrid roles. You will work closely with principal threat researchers specializing in phishing detection. If you take pride in thwarting phishing attempts, this role in our dedicated team of detection engineers is ideal for you.
Key Responsibilities
- Stay informed about the current phishing landscape and develop effective detections to protect our customers.
- Review a large number of potential phishing websites daily to determine whether new detections need to be created or existing detections need tuning.
- Collaborate with developers to identify and resolve issues and missing features, and to enhance phishing-related detection capabilities.
- Investigate and respond to detection-related issues reported by customers.
Qualifications
- Minimum 2 years of experience as a detection engineer, security researcher, or threat analyst.
- Bachelor’s degree in Computer Science or a related quantitative field (equivalent education/experience considered).
- Deep understanding of the modern phishing landscape, including threat actors, phishing kits, AITM/Reverse Proxy frameworks, and related techniques.
- Proficiency in writing phishing detections using various technologies (e.g., Regex, ClamAV, Suricata).
Required Skills
- Expertise in creating complex regular expressions for detection.
- Familiarity with typical phishing kit structures.
- In-depth knowledge of HTML, JavaScript, and the HTTP protocol.
- Proficiency in JSON.
- Excellent verbal and written communication skills.
Preferred Skills
- Knowledge of common network protocols (FTP, SMTP).
- Proficiency in Python or Go.
- Familiarity with the MITRE ATT&CK Framework and other relevant attacker tactics, techniques, and procedures (TTPs).