General Dynamics Information Technology

General Dynamics Information Technology is hiring: Cybersecurity Splunk SOAR Eng

General Dynamics Information Technology, Tampa, FL, US, 33646


Job Qualifications: Cybersecurity, Security Tools, Splunk Phantom

Job Description

Type of Requisition: Regular
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able To Obtain: Top Secret/SCI
Public Trust/Other Required: None
Job Family: IT Infrastructure and Operations
Skills: Cybersecurity, Security Tools, Splunk Phantom
Certifications: CompTIA Security+ CE
Experience: 8+ years of related experience
US Citizenship Required: Yes

Position Overview

Join GDIT as a Splunk SOAR Engineer and build an impactful career in enterprise IT. Your work will support the mission of USCENTCOM by transforming incident response processes from manual tasks to automated playbooks, deploying and maintaining the Splunk SOAR platform across the security domain.

Key Responsibilities

- Design, deploy, and document the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability.
- Develop and customize complex SOAR playbooks (e.g., in Python or the Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents.
- Integrate Splunk SOAR with a diverse ecosystem of security tools (Splunk Enterprise Security, firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, ticketing systems) via API and custom app development.
- Manage and optimize data flow between Splunk ES and Splunk SOAR, ensuring security events trigger appropriate automation actions.
- Create custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out-of-the-box integrations.
- Collaborate with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into automated playbooks.
- Establish and track metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction.
- Maintain detailed documentation of all SOAR content, platform configurations, and integration architectures.

Required Skills

- Deep expertise with Splunk SOAR (Phantom) administration and maintenance in a distributed, enterprise environment.
- Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, apps, and integrations.
- Experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools.
- Strong understanding of SecOps principles, incident response lifecycles, and threat detection methodologies.
- Experience with RESTful APIs and developing connectors for tool interoperability.
- Proficiency in data manipulation, security log parsing, and the Common Information Model (CIM).
- Excellent verbal and written communication skills.

Desired Skills

- Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines.
- Knowledge of the MITRE ATT&CK framework and its application in automated detection and response use cases.
- Experience with Git or other version control systems for managing SOAR content.
- Familiarity with network protocols, operating systems, and enterprise architecture components.
- Splunk Enterprise Security Certified Admin or Architect Certification.
- Splunk Phantom/SOAR Certified Content Developer or Administrator Certification.
- Experience with other SOAR platforms (e.g., Cortex XSOAR, IBM Resilient).
- Experience in a USCENTCOM, DoD, or multi-domain security operations environment.
- ITIL 4 Foundation Certification.

Additional Requirements

- Security clearance level: Top Secret/SCI required.
- US citizenship required.
- Support system upgrades, patching, and performance tuning across the Splunk SOAR infrastructure.
- Provide advanced troubleshooting and support for SOAR platform issues and playbook execution errors.
- Conduct training and mentorship for SOC staff on SOAR tool usage and content development.
- Evaluate and integrate emerging security technologies and threat intelligence feeds into the automation fabric.
- Adhere to security best practices and compliance standards relevant to the operating environment.

Compensation and Benefits

Salary range: $127,500 – $172,500 per year (actual pay may vary based on experience, location, and contractual requirements).
Benefits include 401(k) with company match, medical/dental/vision plans, paid time off, life and disability insurance, and additional employee programs.

Work Schedule

Scheduled weekly hours: 40
Travel required: less than 10%
Telecommuting options: Onsite

Location

USA – FL – MacDill AFB

Equal Opportunity Employer

We are an equal opportunity employer and welcome individuals with disabilities, protected veterans, and all qualified candidates.