Splunk SOAR SME

STEM Solutions, Suffolk, VA

About The Position

Position Overview: We are seeking a highly skilled Splunk SOAR Subject Matter Expert (SME) with strong experience in Splunk Enterprise Security (ES). This role will focus on developing, implementing, and optimizing security automation through SOAR playbooks, while also supporting ES administration, tuning, and use case development. The ideal candidate will bring hands-on expertise in security orchestration, incident response automation, and SIEM optimization in enterprise or DoD environments.

Requirements

  • Splunk Core Certified Consultant (required)
  • Splunk SOAR Playbook Development Certification (required)
  • Splunk SOAR Administration Certification (required)
  • Strong hands-on experience with Splunk SOAR (Phantom) and playbook development
  • Experience administering and tuning Splunk Enterprise Security (ES)
  • Proficiency in SPL (Search Processing Language)
  • Experience with incident response, automation, and security operations workflows
  • Splunk Enterprise Security Admin Certification must be obtained within 6–12 months of onboarding

Nice To Haves

  • Experience supporting Department of Defense (DoD) environments
  • Familiarity with security frameworks (NIST, RMF, MITRE ATT&CK)
  • Experience integrating SOAR with third-party security tools (EDR, SIEM, ticketing systems)
  • Scripting or programming experience (Python preferred for playbook development)

Responsibilities

  • Design, develop, and implement cybersecurity-focused Splunk SOAR playbooks to automate incident response and security operations
  • Maintain and optimize Splunk SOAR platform, including playbook lifecycle management and integrations
  • Perform Splunk Enterprise Security (ES) tuning, configuration, and optimization
  • Manage assets and identities within ES to ensure accurate threat detection and correlation
  • Develop and enhance ES use cases, correlation searches, and notable event workflows
  • Collaborate with security teams to improve detection capabilities and response efficiency
  • Integrate SOAR with ES and other security tools to streamline security operations
  • Support continuous improvement of security automation, reducing manual effort and response times
  • Provide documentation, best practices, and knowledge transfer to stakeholders
© 2024 Teal Labs, Inc