General Dynamics Information Technology
Cybersecurity Splunk SOAR Engineer
General Dynamics Information Technology, Tampa, Florida, us, 33646
Type of Requisition:
Regular
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI
Public Trust/Other Required: None
Job Family: IT Infrastructure and Operations
Job Qualifications: Skills:
Cybersecurity, Security Tools, Splunk Phantom
Certifications:
CompTIA Security+ CE | CompTIA - CompTIA
Experience:
8 + years of related experience
US Citizenship Required:
Yes
Job Description: Advance how our customers operate while you advance your career. Join GDIT as a
Splunk SOAR Engineer
and build an impactful career in enterprise IT, collaborating with people who are driven and resourceful like you.
MEANINGFUL WORK AND PERSONAL IMPACT: As a
Splunk SOAR Engineer , the work you’ll do at GDIT will be impactful to the mission of USCENTCOM. You will play a crucial role in transforming incident response processes from manual tasks to automated playbooks. This role requires deep technical expertise in security operations, hands‑on experience with Splunk SOAR deployment and content development, and the ability to integrate diverse security tools for cohesive orchestration. The ideal candidate will possess a strategic vision for maximizing security efficiency and accelerating threat mitigation.
See duties and responsibilities listed below:
Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain.
Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).
Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development.
Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions.
Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out‑of‑the‑box integrations.
Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks.
Establishing and tracking metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction to demonstrate platform value and drive continuous improvement.
Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures.
WHAT YOU’LL NEED TO SUCCEED
Certification: Applicable DoD 8140 or DoD 8570 Certification
Experience: 8+ years of related experience
Required Skills:
Deep, hands‑on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment.
Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations.
Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM).
Strong understanding of security operations (SecOps) principles, incident response lifecycles, and threat detection methodologies.
Experience with RESTful APIs and developing connectors for tool interoperability.
Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) in a security context.
Strong verbal and written communication skills with the ability to articulate complex security automation concepts to technical and non‑technical audiences.
Desired Skills:
Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment.
Knowledge of MITRE ATT&CK framework and its application in developing automated detection and response use cases.
Experience with Git or other version control systems for managing SOAR content.
Familiarity with network protocols, operating systems (Windows/Linux), and enterprise architecture components relevant to security monitoring.
Splunk Enterprise Security Certified Admin or Architect Certification
Splunk Phantom / SOAR Certified Content Developer or Administrator Certification
Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient)
Experience in a USCENTCOM, DoD, or multi‑domain security operations environment
ITIL 4 Foundation Certification
Security clearance level: TS/SCI clearance required.
US citizenship required.
Additional Responsibilities:
Supporting system upgrades, patching, and performance tuning across the Splunk SOAR infrastructure.
Providing advanced troubleshooting and support for SOAR platform issues and playbook execution errors.
Conducting training and mentorship for SOC staff on SOAR tool usage, basic content development, and best practices.
Evaluating and integrating emerging security technologies and threat intelligence feeds into the automation fabric.
Adhering to security best practices and compliance standards relevant to the operating environment.
GDIT IS YOUR PLACE
Growth: AI‑powered career tool that identifies career steps and learning opportunities
Support: An internal mobility team focused on helping you achieve your career goals
Rewards: Comprehensive benefits and wellness packages, 401K with company match, competitive pay and paid time off
Community: Award‑winning culture of innovation and a military‑friendly workplace
OWN YOUR OPPORTUNITY Explore an enterprise IT career at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward.
#ARMA
#CENTCOMCITS
#GDITPRIORITY
The likely salary range for this position is $127,500 - $172,500. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours: 40
Travel Required: Less than 10%
Telecommuting Options: Onsite
Work Location: USA FL MacDill AFB
Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US‑based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre‑ and post‑tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long‑term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees are told they value most. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
#J-18808-Ljbffr
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI
Public Trust/Other Required: None
Job Family: IT Infrastructure and Operations
Job Qualifications: Skills:
Cybersecurity, Security Tools, Splunk Phantom
Certifications:
CompTIA Security+ CE | CompTIA - CompTIA
Experience:
8 + years of related experience
US Citizenship Required:
Yes
Job Description: Advance how our customers operate while you advance your career. Join GDIT as a
Splunk SOAR Engineer
and build an impactful career in enterprise IT, collaborating with people who are driven and resourceful like you.
MEANINGFUL WORK AND PERSONAL IMPACT: As a
Splunk SOAR Engineer , the work you’ll do at GDIT will be impactful to the mission of USCENTCOM. You will play a crucial role in transforming incident response processes from manual tasks to automated playbooks. This role requires deep technical expertise in security operations, hands‑on experience with Splunk SOAR deployment and content development, and the ability to integrate diverse security tools for cohesive orchestration. The ideal candidate will possess a strategic vision for maximizing security efficiency and accelerating threat mitigation.
See duties and responsibilities listed below:
Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain.
Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).
Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development.
Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions.
Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out‑of‑the‑box integrations.
Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks.
Establishing and tracking metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction to demonstrate platform value and drive continuous improvement.
Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures.
WHAT YOU’LL NEED TO SUCCEED
Certification: Applicable DoD 8140 or DoD 8570 Certification
Experience: 8+ years of related experience
Required Skills:
Deep, hands‑on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment.
Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations.
Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM).
Strong understanding of security operations (SecOps) principles, incident response lifecycles, and threat detection methodologies.
Experience with RESTful APIs and developing connectors for tool interoperability.
Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) in a security context.
Strong verbal and written communication skills with the ability to articulate complex security automation concepts to technical and non‑technical audiences.
Desired Skills:
Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment.
Knowledge of MITRE ATT&CK framework and its application in developing automated detection and response use cases.
Experience with Git or other version control systems for managing SOAR content.
Familiarity with network protocols, operating systems (Windows/Linux), and enterprise architecture components relevant to security monitoring.
Splunk Enterprise Security Certified Admin or Architect Certification
Splunk Phantom / SOAR Certified Content Developer or Administrator Certification
Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient)
Experience in a USCENTCOM, DoD, or multi‑domain security operations environment
ITIL 4 Foundation Certification
Security clearance level: TS/SCI clearance required.
US citizenship required.
Additional Responsibilities:
Supporting system upgrades, patching, and performance tuning across the Splunk SOAR infrastructure.
Providing advanced troubleshooting and support for SOAR platform issues and playbook execution errors.
Conducting training and mentorship for SOC staff on SOAR tool usage, basic content development, and best practices.
Evaluating and integrating emerging security technologies and threat intelligence feeds into the automation fabric.
Adhering to security best practices and compliance standards relevant to the operating environment.
GDIT IS YOUR PLACE
Growth: AI‑powered career tool that identifies career steps and learning opportunities
Support: An internal mobility team focused on helping you achieve your career goals
Rewards: Comprehensive benefits and wellness packages, 401K with company match, competitive pay and paid time off
Community: Award‑winning culture of innovation and a military‑friendly workplace
OWN YOUR OPPORTUNITY Explore an enterprise IT career at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward.
#ARMA
#CENTCOMCITS
#GDITPRIORITY
The likely salary range for this position is $127,500 - $172,500. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours: 40
Travel Required: Less than 10%
Telecommuting Options: Onsite
Work Location: USA FL MacDill AFB
Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US‑based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre‑ and post‑tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long‑term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees are told they value most. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
#J-18808-Ljbffr