Job Title: Splunk SOAR Engineer
3-6 months
onsite - St, Doral, FL 33172, USA
*** MUST HAVE SECRET CLEARANCE***
We are seeking a talented and driven Splunk SOAR (Security Orchestration, Automation and Response) Engineer to design, develop, and maintain automation solutions that streamline and accelerate our security operations. In this role, you will leverage Splunk SOAR (formerly Phantom) to create robust, scalable playbooks, integrate diverse security tools, and drive automation for threat detection, investigation, and response. This is a hands-on technical role that sits at the intersection of security and engineering.
Key Responsibilities
• Design, build, and optimize automated playbooks using Splunk SOAR to support incident response and threat management.
• Develop and maintain integrations with security tools (e.g., EDR, SIEM, threat intel platforms, firewalls, ticketing systems).
• Automate repetitive SOC tasks such as enrichment, triage, response, and remediation actions.
• Collaborate with SOC analysts, engineers, and incident responders to identify use cases for automation.
• Write custom scripts and connectors (primarily in Python) to extend platform functionality.
• Integrate SOAR platform with Splunk.
• Maintain documentation for all playbooks, integrations, and processes.
• Monitor and troubleshoot playbook performance and execution issues.
• Support ongoing optimization and tuning of automation workflows for accuracy, speed, and reliability.
• Stay informed of emerging threats and best practices in security orchestration and automation.
Qualifications
Required:
• 2–5 years of experience in a security engineering or SOC environment.
• 1+ year of hands-on experience with Splunk SOAR (Phantom) or another SOAR platform.
• Strong scripting skills in Python.
• Experience creating and deploying playbooks or automated workflows.
• Familiarity with REST APIs and integrations with security tools (e.g., EDRs, SIEMs, threat intel, AD, firewalls).
• Understanding of security operations and incident response procedures.
• Excellent problem-solving skills and attention to detail.
Preferred:
• Splunk SOAR Certified Automation Developer or similar certification.
• Experience with Splunk ES or other SIEM platforms.
• Knowledge of common security frameworks (MITRE ATT&CK, NIST, etc.).
• Experience working with ServiceNow, Jira, or other ITSM platforms.