Cybersecurity Splunk SOAR Engineer jobs in United States

General Dynamics Information Technology · 10 hours ago

Cybersecurity Splunk SOAR Engineer

General Dynamics Information Technology is a global technology and professional services company that delivers consulting, technology and mission services to the U.S. government. They are seeking a Splunk SOAR Engineer to transform incident response processes through automation and orchestration, requiring deep technical expertise in security operations and hands-on experience with Splunk SOAR.

Artificial Intelligence (AI), Cloud Computing, Consulting, Cyber Security, Information Technology
No H1B; Security Clearance Required; U.S. Citizen Only

Responsibilities

Designing, deploying, and documenting the distributed Splunk SOAR platform architecture, ensuring high availability, performance, and scalability across the security domain
Developing and customizing complex SOAR playbooks (e.g., in Python or Phantom Playbook Editor) for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access)
Integrating Splunk SOAR with a diverse ecosystem of security tools, including Splunk Enterprise Security (ES), firewalls, EDR/XDR, vulnerability scanners, threat intelligence platforms, and ticketing systems via API and custom app development
Managing and optimizing data flow between Splunk ES and Splunk SOAR, ensuring security events and alerts trigger appropriate and effective automation actions
Creating custom apps/integrations for Splunk SOAR to connect with proprietary or unique security tools not supported by out-of-the-box integrations
Collaborating with SOC analysts, threat hunters, and incident response teams to gather requirements, document workflows, and translate manual security procedures into robust, automated playbooks
Establishing and tracking metrics for SOAR utilization, automation coverage, and Mean Time to Respond (MTTR) reduction to demonstrate platform value and drive continuous improvement
Developing and maintaining detailed documentation of all SOAR content, platform configurations, and integration architectures

Qualification

Splunk SOAR, Python scripting, Security operations, CompTIA Security+ CE, RESTful APIs, Data manipulation, Cloud security, MITRE ATT&CK, Version control, Network protocols, Operating systems, ITIL 4 Foundation, Communication skills

Required

Must currently possess a Top Secret/SCI clearance
Must be able to obtain a Top Secret/SCI clearance
8+ years of related experience
US Citizenship Required
Deep, hands-on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed, enterprise environment
Advanced proficiency in Python scripting for developing and customizing SOAR playbooks, custom apps, and integrations
Proven experience integrating SOAR with Splunk Enterprise Security (ES) and core security tools (e.g., EDR, TIP, SIEM)
Strong understanding of security operations (SecOps) principles, incident response lifecycles, and threat detection methodologies
Experience with RESTful APIs and developing connectors for tool interoperability
Proficiency in data manipulation, security log parsing, and understanding of the Common Information Model (CIM) in a security context
Strong verbal and written communication skills with the ability to articulate complex security automation concepts to technical and non-technical audiences
Certification: Applicable DoD 8140 or DoD 8570 Certification

Preferred

Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment
Knowledge of MITRE ATT&CK framework and its application in developing automated detection and response use cases
Experience with Git or other version control systems for managing SOAR content
Familiarity with network protocols, operating systems (Windows/Linux), and enterprise architecture components relevant to security monitoring
Splunk Enterprise Security Certified Admin or Architect Certification
Splunk Phantom / SOAR Certified Content Developer or Administrator Certification
Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient)
Experience in a USCENTCOM, DoD, or multi-domain security operations environment
ITIL 4 Foundation Certification

Benefits

Comprehensive benefits and wellness packages
401K with company match
Competitive pay and paid time off
Variety of medical plan options, some with Health Savings Accounts
Dental plan options
Vision plan
Ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
Full flex work weeks where possible
Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
Short and long-term disability benefits
Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance

Company

General Dynamics Information Technology

General Dynamics Information Technology is an IT consulting company that specializes in cyber security, AI, and quantum computing. It is a sub-organization of General Dynamics.

Funding

Current Stage
Late Stage

Leadership Team

Paul Nedzbala, Senior Vice President
Ben Buckley, Vice President and General Manager
Company data provided by crunchbase