Splunk, a Cisco company, is building a safer and more resilient digital world with an end-to-end full stack platform made for a hybrid, multi-cloud world. Leading enterprises use our unified security and observability platform to keep their digital systems secure and reliable. Our customers love our technology, but it's our caring employees that make Splunk stand out as an amazing career destination. No matter where in the world or what level of the organization, we approach our work with kindness. So bring your work experience, problem-solving skills and talent, of course, but also bring your joy, your passion and all the things that make you, you. Come help organizations be their best, while you reach new heights with a team that has your back. **Role Summary** As a member of Splunk's Workforce Identity and Access Management (IAM) team, the Senior Security Engineer will lead the design and implementation of identity services and platforms, mainly Privileged Access Management (PAM) solutions. You must have a proven track record in delivering identity solutions that are functional, secure, scalable, and reliable. Your work will not only improve Splunk’s security posture but also improve workforce productivity. **What you'll get to do** + Work with IAM Leads to develop and drive PAM strategy, roadmap, and plan + Lead the design, engineering, and deployment of Privileged Access Management (PAM) solutions + Manage PAM tools/platforms and their integrations with relevant systems/platforms + Drive mitigation of privileged access-related risks + Participate in or lead incident resolution of sophisticated high-severity incidents + Analyze the current environment to identify technical and operational opportunities and develop continuous improvement action plans + Participate in disaster recovery, capacity planning, performance monitoring, and maintenance to ensure high availability + Understand and adhere to standard operational processes to ensure audibility and compliance with industry standards + Build trust with the other teams in the Splunk Product & Technology organization, but also across the company + Mentor and train others in the use and functionality of the IAM services **Must-have Qualifications** + Bachelor's degree in Computer Science, Information Technology, or related field required or equivalent work experience + Demonstrated ability in IAM with 5+ years of experience in implementing, integrating, and supporting end-to-end Privileged Access Management (PAM) solutions + Hands-on production experiences with PAM products such as CyberArk, Delinea, BeyondTrust + Experience in various authentication standards such as SAML, OAuth, SCIM, OpenID Connect, and FIDO2 + Experience in security and implementation standards such as the least privilege, just-in-time provisioning, and passwordless authentication + Hands-on experience with Cloud Service Providers such as AWS, GCP & Azure + Familiarity with PKI, Public Certificate Authorities, OpenSSL, Hashicorp Stack (e.g. Vault) + Development experience with Terraform and at least one program language (e.g. GO, Java, Python) + Familiarity with DevOps and CI/CD Pipelines **Nice-to-have Qualifications** We’ve taken special care to separate the must-have qualifications from the nice-to-haves. “Nice-to-have” means just that: Nice. To. Have. So, don’t worry if you can’t check off every box. We’re not hiring a list of bullet points–we’re interested in the whole you. + CISSP, CISM, or equivalent certification preferred **Splunk is an Equal Opportunity Employer** Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Note: **Base Pay Range** Base Pay Range: $121,700 - $168,700 When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process. U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco’s flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco’s Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community. Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows: .75% of incentive target for each 1% of revenue attainment up to 50% of quota; 1.5% of incentive target for each 1% of attainment between 50% and 75%; 1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation. For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.