Splunk SOAR Engineer

General Dynamics Information Technology
Tampa, FL
Public Trust: None
Requisition Type: Regular
Your Impact

Own your opportunity to support our nation's defense. Make an impact by connecting and securing critical operations across the globe, keeping our country safe and secure.

Job Description

Advance how our customers operate while you advance your career. Join GDIT as a Splunk SOAR Engineer and build an impactful career in enterprise IT, collaborating with people who are driven and resourceful like you.

MEANINGFUL WORK AND PERSONAL IMPACT:
As a Splunk SOAR Engineer, the work you’ll do at GDIT will be impactful to the mission of USCENTCOM. You will play a crucial role in transforming incident response processes from manual tasks to automated playbooks. This role requires deep technical expertise in security operations, hands-on experience with Splunk SOAR deployment and content development, and the ability to integrate diverse security tools for cohesive orchestration. The ideal candidate will possess a strategic vision for maximizing security efficiency and accelerating threat mitigation. See duties and responsibilities listed below:

We are seeking a Splunk SOAR Engineer with a demonstrable background in developing and implementing Security Orchestration, Automation, and Response (SOAR) solutions at an enterprise level. The selected engineer will be responsible for the full lifecycle of SOAR capabilities, from design and integration to content development and maintenance, with key focus areas including:

  • Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain.

  • Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).

  • Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development.

  • Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions.

  • Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out-of-the-box integrations.

  • Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks.

  • Establishing and tracking metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction to demonstrate platform value and drive continuous improvement.

  • Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures.


WHAT YOU’LL NEED TO SUCCEED
Bring your technology expertise and drive for innovation to GDIT. The Systems Engineer Principal must have:

  • Certification: Applicable DoD 8140 or DoD 8570 Certification

  • Experience: 8+ years of related experience

  • Required Skills:

    • Deep, hands-on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment.

    • Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations.

    • Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM).

    • Strong understanding of security operations (SecOps) principles, incident response lifecycles, and threat detection methodologies.

    • Experience with RESTful APIs and developing connectors for tool interoperability.

    • Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) in a security context.

    • Strong verbal and written communication skills with the ability to articulate complex security automation concepts to technical and non-technical audiences.

  • Desired Skills:

    • Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment.

    • Knowledge of MITRE ATT&CK framework and its application in developing automated detection and response use cases.

    • Experience with Git or other version control systems for managing SOAR content.

    • Familiarity with network protocols, operating systems (Windows/Linux), and enterprise architecture components relevant to security monitoring.

    • Splunk Enterprise Security Certified Admin or Architect Certification

    • Splunk Phantom / SOAR Certified Content Developer or Administrator Certification

    • Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient)

    • Experience in a USCENTCOM or multi-domain security defense operations environment

    • ITIL 4 Foundation Certification

  • Security clearance level: TS/SCI clearance required.

  • US citizenship required

  • Additional Responsibilities:

    • Supporting system upgrades, patching, and performance tuning across the Splunk SOAR infrastructure.

    • Providing advanced troubleshooting and support for SOAR platform issues and playbook execution errors.

    • Conducting training and mentorship for SOC staff on SOAR tool usage, basic content development, and best practices.

    • Evaluating and integrating emerging security technologies and threat intelligence feeds into the automation fabric.

    • Adhering to security best practices and compliance standards relevant to the operating environment.


GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.

  • Growth: AI-powered career tool that identifies career steps and learning opportunities

  • Support: An internal mobility team focused on helping you achieve your career goals

  • Rewards: Comprehensive benefits and wellness packages, 401K with company match, competitive pay and paid time off

  • Community: Award-winning culture of innovation and a military-friendly workplace


OWN YOUR OPPORTUNITY
Explore an enterprise IT career at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward.

#ARMA

#CENTCOMCITS

#GDITPRIORITY

Work Requirements

Years of Experience

8+ years of related experience

* may vary based on technical training, certification(s), or degree

Certification

CompTIA Security+ CE (CompTIA)

Travel Required

Less than 10%

Citizenship

U.S. Citizenship Required

Posted 2026-02-25
