Splunk SOAR Engineer

Job in Tampa, Hillsborough County, Florida, 33646, USA
Listing for: Venatore LLC
Full Time position
Listed on 2026-06-04
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD yearly
Job Description & How to Apply Below

If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process.

Full Time Tampa, FL, US

About Us

Venatore is a woman-owned small business headquartered in Tampa, Florida, providing mission-driven technology and professional services to federal defense and civilian agencies. We deliver expertise in information technology, engineering, logistics, and program support to help our clients achieve operational excellence and mission success.

About the Job

Venatore is seeking a Splunk SOAR Engineer to support U.S. Central Command (USCENTCOM) operations by designing, implementing, and optimizing enterprise-level Security Orchestration, Automation, and Response (SOAR) capabilities. This role is responsible for transforming manual incident response processes into scalable, automated workflows that accelerate threat detection, containment, and remediation. The Splunk SOAR Engineer will lead the full lifecycle of platform architecture, integration, content development, and performance optimization while collaborating closely with SOC analysts, threat hunters, and incident response teams.

An active TS/SCI clearance is required.

Responsibilities

Platform Architecture & Engineering

Design, deploy, document, and maintain distributed Splunk SOAR (Phantom) platform architecture to ensure high availability, scalability, and performance.

Support system upgrades, patching, and performance tuning across the SOAR infrastructure.

Provide advanced troubleshooting and resolution of platform issues and playbook execution errors.

Adhere to security best practices and compliance requirements within the operational environment.

Playbook Development & Automation

Develop, customize, and maintain complex SOAR playbooks using Python and the Phantom Playbook Editor for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).

Translate manual security procedures into robust, automated workflows aligned with SecOps best practices.

Establish and track automation metrics, including utilization rates, automation coverage, and Mean Time to Respond (MTTR) improvements.

Integrate Splunk SOAR with Splunk Enterprise Security (ES) and other core security technologies, including EDR/XDR platforms, firewalls, vulnerability scanners, threat intelligence platforms, and ticketing systems.

Develop custom apps and integrations to connect proprietary or unsupported security tools using RESTful APIs and custom connectors.

Manage and optimize data flow between Splunk ES and Splunk SOAR to ensure effective event-triggered automation actions.

Partner with SOC analysts, threat hunters, and incident response teams to gather requirements and document workflows.

Develop and maintain detailed technical documentation for platform configurations, integrations, and automation content.

Provide training and mentorship to SOC staff on SOAR usage, content development, and automation best practices.

Evaluate and integrate emerging security technologies and threat intelligence feeds into the automation ecosystem.

Required Qualifications
  • Active TS/SCI security clearance.
  • Applicable DoD 8140 or DoD 8570 certification.
  • 8+ years of related experience in security engineering or security operations.
  • Hands‑on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed enterprise environment.
  • Advanced proficiency in Python scripting for playbook development, custom apps, and integrations.
  • Proven experience integrating SOAR platforms with Splunk Enterprise Security (ES), SIEMs, EDR/XDR tools, and other security technologies.
  • Strong understanding of security operations principles, incident response life cycles, and threat detection methodologies.
  • Experience working with RESTful APIs and developing tool connectors.
  • Proficiency in data manipulation, log parsing, and understanding of the Common Information Model (CIM) in a security context.
  • Strong verbal and written communication skills with the ability to convey complex automation concepts to technical and non‑technical audiences.
Preferred…