Job Description

Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back.

Role Summary

You will explore how AI can transform security operations by rapidly prototyping and evaluating new ways to embed AI automation into SOC and SIEM workflows. You will work hands-on with LLMs to build initial MVP systems that summarize incidents, autonomously triage alerts, and guide response actions. Your focus will be on experimentation, iteration, and validating what is possible. You will work closely with security SMEs to test ideas, assess model quality, and identify high-impact opportunities to shape the future of AI-assisted threat detection and response.

Who We Are

We are a scrappy agile team with a startup feel and a strong bias for action. We move fast, embrace failure as part of the process, and stay focused on solving real-world problems for defenders on the front lines. Our team blends deep expertise in AI, cybersecurity, and platform engineering. We are driven by a shared belief that the only way to outpace hackers is through AI advancements that free up humans to tackle real threats and more challenging problems.

This is a place for builders who thrive in ambiguity, challenge the status quo, and care deeply about making a meaningful impact. If youre energized by tough problems, excited to shape the future of cyber defense, and eager to work alongside passionate experts, youll feel right at home.

What Youll Get to Do

• Design and build agentic workflows that combine detection signals, context, and playbooks to automate threat triage and response.

• Prototype and test new AI features from enrichment agents to incident summarizationworking closely with security SMEs to validate real-world utility.

• Develop an AIOps pipeline to enable rapid experimentation with prompts, models, and RAG systems, using clear, measurable success criteria to evaluate iterations.

• Evaluate model outputs for accuracy, reliability, and usability, then prototype and deploy improvements based on structured feedback and testing.

• Collaborate with product and platform teams to co-design AI-enhanced TDIR workflows that are intuitive, scalable, and immediately useful to analysts.

• Contribute to the core architecture powering AI-native security operations, helping to shape how Splunk and Cisco scale trusted automation across the enterprise.

Must-Haves

Security:

• Security Operations Experience Understanding of security operations concepts, including detection, triage, investigation, and response.

• Security Telemetry Fluency Comfortable working with common data sources such as endpoint logs, network traffic, authentication events, or cloud audit trailsand understanding how theyre used in detection and investigation workflows.

Engineering Experience:

• Senior-Level Python Development Proven track record building scalable backend services, APIs, and automation workflows in Python.

• DevOps/SecOps Practices Proficient with CI/CD pipelines, version control (GitHub/GitLab), Jira, and automated testing frameworks.

• Security Automation Experience building and integrating with product APIs to drive SecOps efficiency.

• Cross-Functional Collaboration Comfortable partnering with product managers, security SMEs, and engineers to iterate quickly and deliver impactful solutions.

AI/LLM:

• Prompt Engineering & LLM Integration Skilled in crafting, testing, and optimizing prompts for large language models. Ideally, you have contributed to or shipped an AI-powered feature or product, and understand the nuances of integrating LLMs into real-world workflowsincluding usability, performance, and trust considerations.

• AI Evaluation & Experimentation Capable of designing experiments to evaluate LLM output for accuracy, usability, performance, and cost.

Nice-to-Haves

• SOAR/SIEM Familiarity Experience working with security data and/or tools such as SIEM/SOAR platforms (e.g., Splunk), whether from a practitioner, developer, or automation perspective.

• Splunk Enterprise Security (ES) Experience Familiarity with ES architecture, correlation searches, notables, and risk-based alerting. Bonus if youve worked with Splunks APIs, internals, or have experience developing on the Splunk platform.

• Security Operations Background Former Tier 3 SOC analyst or equivalent, with experience automating SecOps workflows and building scalable, resilient detection infrastructure.

• RAG and Vector Search Implementation Hands-on experience developing retrieval-augmented generation pipelines and working with vector databases (e.g., FAISS, Pinecone).

• LLM Fine-Tuning and Embeddings Exposure to fine-tuning large language models or generating custom embeddings for domain-specific tasks in cybersecurity.

• Security Data Engineering Experience building and maintaining pipelines for ingesting, parsing, and normalizing large-scale security telemetry.

• UX and Human Factors for Analysts Background or interest in designing intuitive, AI-assisted analyst workflows with a focus on usability, trust, and decision support.

You Are...

• Independent and a creative problem-solver who thrives on ambiguity.

• A strong communicator with high standards and you are not afraid to challenge the status quo.

• Driven by impact , not checklists; someone who builds, tests, and iterates fast.

Base Salary Range $173,100.00 to $241,700.00

When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location.

What We Offer You:

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.

Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period.

Exempt new hires participate in Ciscos flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Ciscos Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Job Tags

Similar Jobs