Splunk SOAR Engineer

** Req :
** RQ211186

** Type of

Requisition :
** Regular

** Clearance Level Must Be Able to Obtain:
** Top Secret/SCI

** Public Trust/Other

Required:

** None

** Job Family:
** IT Infrastructure and Operations

*
* Skills:

*
* Cybersecurity,Security Tools,Splunk Phantom

*
* Certifications:

*
* CompTIA Security+ CE | CompTIA - CompTIA

*
* Experience:

*
* 8 + years of related experience

** US Citizenship

Required:

*
* Yes

*
* Job Description:

*
* Advance how our customers operate while you advance your career. Join GDIT as a  
** Splunk SOAR Engineer
** and build an impactful career in enterprise IT, collaborating with people who are driven and resourceful like you.

** MEANINGFUL WORK AND PERSONAL IMPACT:*
* As a  
** Splunk SOAR Engineer** , the work you'll do at GDIT will be impactful to the mission of USCENTCOM. You will play a crucial role in transforming incident response processes from manual tasks to automated playbooks. This role requires deep technical expertise in security operations, hands-on experience with Splunk SOAR deployment and content development, and the ability to integrate diverse security tools for cohesive orchestration.

The ideal candidate will possess a strategic vision for maximizing security efficiency and accelerating threat mitigation. See duties and responsibilities listed below:

We are seeking a  
** Splunk SOAR Engineer
** with a demonstrable background in developing and implementing Security Orchestration, Automation, and Response (SOAR) solutions at an enterprise level. The selected engineer will be responsible for the full lifecycle of SOAR capabilities, from design and integration to content development and maintenance, with key focus areas including:

+ Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain.

+ Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).

+ Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development.

+ Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions.

+ Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out-of-the-box integrations.

+ Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks.

+ Establishing and tracking metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction to demonstrate platform value and drive continuous improvement.

+ Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures.

** WHAT YOU'LL NEED TO SUCCEED*
* Bring your technology expertise and drive for innovation to GDIT. The Systems Engineer Principal must have:

+ Certification:
Applicable DoD 8140 or DoD 8570 Certification

+

Experience:

8+ years of related experience

+

Required Skills:

+ Deep, hands-on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment.

+ Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations.

+ Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM).

+ Strong understanding of security operations (Sec Ops) principles, incident response life cycles, and threat detection methodologies.

+

Experience with RESTful APIs and developing connectors for tool interoperability.

+ Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) in a security context.

+ Strong verbal and written…