Senior Staff Software Engineer (Splunk Attack Analyzer)

In this role, you'll play a crucial leadership role in architecting, building, and improving systems that defend against cyber threats like phishing, malware, and malicious content delivered via URLs, emails, files, and QR codes. You will drive the development of advanced automated threat analysis tools and lead initiatives to enhance our customers' security. If you're passionate about cybersecurity and ready to make a real-world impact with your expertise, we encourage you to apply. Your work will significantly strengthen cyber defenses and protect organizations from evolving threats, while mentoring and guiding the next generation of engineers.

The Splunk Attack Analyzer (SAA) team streamlines security threat analysis, providing forensic evidence and metadata to customers via API and Portal. As a Senior Staff Software Engineer, you'll lead the optimization of backend code and detection capabilities, focusing on automated URL, file analysis, and web navigation. You'll spearhead innovative solutions to overcome challenges posed by threat actors, collaborating across teams to deliver impactful results and sharing your expertise to elevate team performance.

• Architect, design, and implement detection-as-code and security automation features to identify threats and protect systems and data at scale.

• Lead technical investigations, analyze, triage, and respond to complex customer and detection analyst reported code-related false positives and false negatives.

• Drive enhancements and maintenance of detection capabilities in existing security platforms; contribute to the continuous improvement of detection coverage, fidelity, and performance.

• Champion secure coding best practices and ensure delivery of high-quality, maintainable, and well-tested detection code.

• Lead design and code reviews, contribute to technical documentation, and proactively share knowledge across the team and broader organization.

• Debug and resolve advanced detection issues, including tuning alerts and investigating false positives/negatives.

• Actively participate in Agile workflows, help with sprint planning, and collaborate closely with cross-functional partners.

• Shape CI/CD, testing, and automation strategies for detection pipelines in cloud environments.

• Develop deep product and threat landscape knowledge to deliver user-focused, effective security detections.

• Mentor and coach junior engineers, fostering a culture of technical excellence and growth.

• Drives feature and platform design and development with advanced programming skills.

• Sets and upholds best practices; leads code reviews and technical discussions.

• Authors well-tested code with comprehensive test coverage.

• Troubleshoots and resolves complex customer issues.

• Provides technical leadership and supports system operations at the organization level.

• Leads sprint estimation, planning, and technical strategy.

• Possesses deep understanding of the product and demonstrates expert-level knowledge of feature areas.

• 12+ years of professional experience with Bachelor's Degree; or 8+ years experience with Master's degree in Computer Science, Engineering, Cybersecurity, or related field; or 5+ years of experience with PhD and equivalent practical experience.

• Experience in software engineering or security engineering, with deep, hands-on expertise in security detection, monitoring, or incident response.

• Advanced proficiency in Python or Go, with a proven track record developing robust detection logic or security tooling.

• In-depth understanding of file formats commonly abused by attackers; experience writing decoders and reverse engineering abused file formats.

• Strong understanding of browser internals, including HTML and JavaScript execution, DOM manipulation, and security implications of active content in web browsers.

• Expertise in security operations concepts, including attack techniques (MITRE ATT&CK), log analysis, threat hunting, and secure coding practices.

• Strong grasp of software design principles for building scalable and maintainable detection systems.

• Advanced experience with cloud platforms (e.g., AWS, GCP, or Azure).

• Proficiency with development tools such as Git, CI/CD pipelines, Docker, and Kubernetes.

• Excellent debugging and problem-solving skills, especially relating to detection and alerting logic in complex systems.

• Exceptional communication skills and ability to collaborate and influence across cross-functional teams.

• Demonstrated ability to mentor, coach, and inspire technical teams.

At Cisco, we're revolutionizing how data and infrastructure connect and protect organizations in the AI era - and beyond. We've been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you'll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.

We are Cisco, and our power starts with you.

Individual pay is determined by the candidate's hiring location, market conditions, job-related skillset, experience, qualifications, education, certifications, and/or training. The full salary range for certain locations is listed below. For locations not listed below, the recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees are offered benefits, subject to Cisco's plan eligibility rules, which include medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, paid parental leave, short and long-term disability coverage, and basic life insurance. Please see the Cisco careers site to discover more benefits and perks. Employees may be eligible to receive grants of Cisco restricted stock units, which vest following continued employment with Cisco for defined periods of time.

U.S. employees are eligible for paid time away as described below, subject to Cisco's policies:

• 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees

• 1 paid day off for employee's birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness determined by Cisco

• Non-exempt employees** receive 16 days of paid vacation time per full calendar year, accrued at rate of 4.92 hours per pay period for full-time employees

• Exempt employees participate in Cisco's flexible vacation time off program, which has no defined limit on how much vacation time eligible employees may use (subject to availability and some business limitations)

• 80 hours of sick time off provided on hire date and each January 1st thereafter, and up to 80 hours ofunused sick timecarried forwardfrom one calendar yearto the next

• Additional paid time away may be requested to deal with critical or emergency issues for family members

• Optional 10 paid days per full calendar year to volunteer

For non-sales roles, employees are also eligible to earn annual bonuses subject to Cisco's policies.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components, subject to the applicable Cisco plan. For quota-based incentive pay, Cisco typically pays as follows:

• .75% of incentive target for each 1% of revenue attainment up to 50% of quota;

• 1.5% of incentive target for each 1% of attainment between 50% and 75%;

• 1% of incentive target for each 1% of attainment between 75% and 100%; and

• Once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.

For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay 0% up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.

The applicable full salary ranges for this position, by specific state, are listed below:

New York City Metro Area:

Non-Metro New York state & Washington state:

* For quota-based sales roles on Cisco's sales plan, the ranges provided in this posting include base pay and sales target incentive compensation combined.

** Employees in Illinois, whether exempt or non-exempt, will participate in a unique time off program to meet local requirements.