Cybersecurity Splunk SOAR Engineer at GDIT Florida
Responsibilities for this Position
Location: USA FL MacDill AFB
Full/Part Time: Full time
Job Req: RQ211186
Type of Requisition: Regular
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI
Public Trust/Other Required: None
Job Family: IT Infrastructure and Operations
Job Qualifications:
Skills: Cybersecurity, Security Tools, Splunk Phantom
Certifications: None
Experience: 8+ years of related experience
US Citizenship Required: Yes
Clearance Requirement: TS/SCI clearance required
MEANINGFUL WORK AND PERSONAL IMPACT:
As a Splunk SOAR Engineer, the work you’ll do at GDIT will be impactful to the mission of USCENTCOM. You will play a crucial role in transforming incident response processes from manual tasks to automated playbooks. This role requires deep technical expertise in security operations, hands‑on experience with Splunk SOAR deployment and content development, and the ability to integrate diverse security tools for cohesive orchestration. The ideal candidate will possess a strategic vision for maximizing security efficiency and accelerating threat mitigation.
See duties and responsibilities listed below:
Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain.
Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).
Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development.
Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions.
Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out‑of‑the‑box integrations.
Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks.
Establishing and tracking metrics for SOAR utilization, automation coverage, and mean time to respond (MTTR) reduction to demonstrate platform value and drive continuous improvement.
Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures.
WHAT YOU'LL NEED TO SUCCEED
Certification: Applicable DoD 8140 or DoD 8570 Certification
Experience: 8+ years of related experience
Required Skills:
Deep, hands‑on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment.
Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations.
Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM).
Strong understanding of security operations (SecOps) principles, incident response lifecycles, and threat detection methodologies.
Experience with RESTful APIs and developing connectors for tool interoperability.
Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) for security contexts.
Strong verbal and written communication skills with the ability to articulate complex security automation concepts to technical and non‑technical audiences.
Desired Skills:
Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment.
Knowledge of MITRE ATT&CK framework and its application in developing automated detection and response use cases.
Experience with Git or other version control systems for managing SOAR content.
Familiarity with network protocols, operating systems (Windows/Linux), and enterprise architecture components relevant to security monitoring.
Splunk Enterprise Security Certified Admin or Architect Certification.
Splunk Phantom/SOAR Certified Content Developer or Administrator Certification.
Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient).
Experience in a USCENTCOM, DoD, or multi‑domain security operations environment.
ITIL 4 Foundation Certification.
Additional Responsibilities:
Supporting system upgrades, patching, and performance tuning across the Splunk SOAR infrastructure.
Providing advanced troubleshooting and support for SOAR platform issues and playbook execution errors.
Conducting training and mentorship for SOC staff on SOAR tool usage, basic content development, and best practices.
Evaluating and integrating emerging security technologies and threat intelligence feeds into the automation fabric.
Adhering to security best practices and compliance standards relevant to the operating environment.
GDIT IS YOUR PLACE
Growth: AI‑powered career tool that identifies career steps and learning opportunities.
Support: An internal mobility team focused on helping you achieve your career goals.
Rewards: Comprehensive benefits and wellness packages, 401(k) with company match, competitive pay, and paid time off.
Community: Award‑winning culture of innovation and a military‑friendly workplace.
OWN YOUR OPPORTUNITY
Explore an enterprise IT career at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
Scheduled Weekly Hours: 40
Travel Required: Less than 10%
Telecommuting Options: Onsite
Work Location: USA FL MacDill AFB
Salary Range: $127,500 - $172,500 (based on experience, geographic location, and contractual requirements)
Benefits: Medical, Dental, Vision, 401(k), Disability, Life, Accidental Death, Business Travel Insurance, Paid Time Off, Flex Work Weeks, and more as detailed above.