Incident Commander, SIRT


Location: Brisbane, Canberra, Melbourne, Sydney

Job Type: Full time


Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!


In this role, you will be part of an established team of seasoned, high performing incident commanders who are responsible for handling high severity incidents from triage through to post incident reviews. This is a senior role at Splunk requiring an individual who can take charge in high stress situations and give direction to both customer personnel and to the Splunk internal teams to drive resolution of incidents working in a partnership. We are looking for an operation professional with a good appreciation for the cloud/SaaS environment with a great customer centric approach in incident resolution and the ability to communicate clearly and effectively across all audience.


  • Take command of incidents by setting up or taking over a multi-functional technical bridge call, comprised of internal and external stakeholders
  • Work with SME’s to interpret key data points and facilitate the incident resolution efforts, including building an incident action plan and executing the plan.
  • Set clear incident resolution objectives (exit criteria) and ensure the cross functional incident response team clearly understand your priorities and the focus areas.
  • Stay across the remediation progress whilst managing any technical and business risks as they are identified.
  • Manage customer expectations via agreed messaging channels (ie direct emails, attending customer bridges or through customer case notes)
  • Document all key decisions, milestones and setbacks in the regular status updates and produce executive summaries as required.
  • Operate as part of a 7x24 global team of Incident Commanders and ensure seamless handover of critical issues to other regions.
  • Participate in post incident review discussions and provide input into the continuous service improvement workshops.


  • Intermediate to an expert level of incident management, MIM, crisis management and/or Disaster Recovery experience (min, 3-5 years of experience depending on the scale of the operation)
  • Strong operational and situational leadership skills
  • Demonstrable knowledge of incident management best practice (min ITIL v3 Foundation)
  • Strong critical thinking, problem solving and decision-making abilities
  • Good communication skills (both verbal and written).
  • Incident status report writing experience (executive level and rapid status reports)
  • Works well in a dynamic changing environment and is comfortable with ambiguity.
  • Experience in Cloud/SaaS environment would be highly regarded
  • Background as a MIM in IT, SOC, NOC would be highly regarded.
  • Bachelor’s degree or relevant job experience.
  • Able to work in a 4-day week i.e. Sunday to Wednesday or Wednesday to Saturday

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

You’ve got this!