Splunk SOAR Cyber Automation Engineer
Listed on 2025-12-17
- Location: College Park, MD; Washington, DC; Reston, VA
- Required Clearance: Active TS/SCI with polygraph eligibility
- Employment Type: Full‑Time Regular
- Shift: Day
- Travel: No
- Relocation Assistance: Yes
We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that’s important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day.
We think. We act. We deliver.
Ennoble First is seeking a Splunk SOAR Cyber Automation Engineer to support the deployment, operation, and sustainment of enterprise security orchestration, automation, and response capabilities. This role focuses on implementing and maintaining Splunk SOAR (formerly Phantom) platforms to automate incident response workflows, enrich alerts, and improve response speed and consistency across complex Government cybersecurity environments. The Splunk SOAR Cyber Automation Engineer works closely with SOC analysts, detection engineers, and platform teams to ensure automation workflows align with operational requirements and support Zero Trust and enterprise cybersecurity initiatives.
Primary Responsibilities
- Deploy, configure, operate, and sustain Splunk SOAR platforms in enterprise Government environments
- Design, develop, and maintain automated playbooks to support incident response, alert enrichment, containment, and remediation
- Integrate Splunk SOAR with SIEM, EDR, IDS/IPS, vulnerability management, threat intelligence, and ticketing platforms
- Develop custom scripts and connectors to extend automation and enrichment capabilities
- Monitor platform health, automation execution, and system performance
- Perform upgrades, patching, configuration changes, and lifecycle maintenance
- Troubleshoot automation failures, integration issues, and workflow performance problems
- Collaborate with SOC and cyber operations teams to identify automation opportunities and improve response processes
- Develop and maintain technical documentation, runbooks, and operational procedures
- Support Zero Trust initiatives through automated detection and response workflows
Qualifications
- 5+ years of experience supporting cybersecurity engineering, security operations, or incident response
- 3+ years of experience deploying or administering SOAR platforms, including Splunk SOAR (Phantom) or similar tools
- 2+ years of experience deploying, hosting, monitoring, and securing solutions for Government customers
- Strong understanding of incident response processes, alert triage, and automated remediation
- Experience developing automation using Python or similar scripting languages
- Experience integrating security platforms using APIs and native connectors
- Active TS/SCI clearance with polygraph eligibility