A World-Changing Company

At Palantir, we’re passionate about building software that solves problems. We partner with the most important institutions in the world to transform how they use data and technology. Our software has been used to stop terrorist attacks, discover new medicines, gain an edge in global financial markets, and more. If these types of projects excite you, we'd love for you to join us.

The Role

As an Infrastructure Engineer, you are responsible for building, running, and evolving world-class Security Information and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) infrastructure and data pipelines. You will work closely with Cloud, DevOps, and other Information Security teams to ensure this infrastructure operates effectively, securely, and with high availability. 

Our SIEM/SOAR infrastructure consists of four major components which you will be responsible for:

• A Palantir Foundry cluster. We use our own software to integrate, process and monitor our data to achieve security outcomes. You’ll have an opportunity to leverage it directly against some of the hardest problems we face.
• A multi-petabyte, distributed Splunk Enterprise cluster. We ingest 10+ terabytes of well-structured security telemetry per day and keep this data hot and searchable for years.
• A Splunk SOAR cluster. This provides centralized security automation, orchestration, and response capabilities for our security program, and helps our network defenders scale massively beyond their team size.
• Associated data and telemetry pipelines. We ingest data from hundreds of discrete sources to arm our network defenders. Keeping these data pipelines lean, healthy, secure, and timely is germane to our detection and investigation workflows. 

Core Responsibilities

• Work closely with DevOps to maintain, operate, and evolve a highly performant, large-scale Splunk Enterprise/SOAR cluster.
• Collaborate with other InfoSec teams to ensure data and telemetry collected is accurate, actionable, and provides significant security value.
• Develop, deploy, and monitor data pipelines to provide timely, complete, and accurate security data for network defenders.
• Directly support detection and investigation workflows through query development, dashboard creation, training, and new capability development.
• Ingest, enrich, transform, and analyze data in Palantir Foundry to provide meaningful security insights and improvements. 

What We Value

• 3+ years extensive security experience running, administering, or operating a complex Splunk Enterprise cluster.
• A highly analytical mindset and eagerness to solve technical problems with distributed computing, code development, data pipelining tools, data health and monitoring frameworks, and other technologies.
• Ability to independently own projects and balance competing priorities, whilst still effectively collaborating with colleagues.
• Experience with public cloud service providers (e.g. Amazon AWS, Google GCP, Microsoft Azure) and modern deployment technologies (e.g. CI/CD, Kubernetes, docker).
• Proficiency in a modern scripting or programming language such as python (preferred), PowerShell, golang, or similar.
• Splunk Administrator or Architect Certification.
• Active US Security clearance, or eligibility and willingness to obtain a US Security clearance.

Palantir is committed to promoting a culture of diversity, equity, and inclusion and is proud to be an Equal Employment Opportunity and Affirmative Action employer. We believe that all Palantirians share the responsibility of upholding our commitment to these values and encourage candidates from a wide range of backgrounds, perspectives, and lived experiences to join us in solving the world’s hardest problems. Palantir does not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Palantir is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. Please see the United States Department of Labor’s EEO poster and EEO poster supplement for additional information.

Palantir is committed to making the job application process accessible to everyone. If you are living with a disability (visible or not visible) and need to request a reasonable accommodation for any part of the application or hiring process, please reach out and let us know how we can help.