Cybersecurity Splunk SOAR Engineer

About The Position

Requirements

• Certification: Applicable DoD 8140 or DoD 8570 Certification
• Experience: 8+ years of related experience
• Required Skills: Deep, hands-on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment.
• Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations.
• Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM).
• Strong understanding of security operations (SecOps) principles, incident response lifecycles, and threat detection methodologies.
• Experience with RESTful APIs and developing connectors for tool interoperability.
• Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) in a security context.
• Strong verbal and written communication skills with the ability to articulate complex security automation concepts to technical and non-technical audiences.
• Security clearance level: TS/SCI clearance required.
• US citizenship required

Nice To Haves

• Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment.
• Knowledge of MITRE ATT&CK framework and its application in developing automated detection and response use cases.
• Experience with Git or other version control systems for managing SOAR content.
• Familiarity with network protocols, operating systems (Windows/Linux), and enterprise architecture components relevant to security monitoring.
• Splunk Enterprise Security Certified Admin or Architect Certification
• Splunk Phantom / SOAR Certified Content Developer or Administrator Certification
• Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient)
• Experience in a USCENTCOM, DoD, or multi-domain security operations environment
• ITIL 4 Foundation Certification

Responsibilities

• Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain.
• Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).
• Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development.
• Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions.
• Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out-of-the-box integrations.
• Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks.
• Establishing and tracking metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction to demonstrate platform value and drive continuous improvement.
• Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures.
• Supporting system upgrades, patching, and performance tuning across the Splunk SOAR infrastructure.
• Providing advanced troubleshooting and support for SOAR platform issues and playbook execution errors.
• Conducting training and mentorship for SOC staff on SOAR tool usage, basic content development, and best practices.
• Evaluating and integrating emerging security technologies and threat intelligence feeds into the automation fabric.
• Adhering to security best practices and compliance standards relevant to the operating environment.

Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• Competitive pay and paid time off
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance