SOAR Development and Automation jobs in United States

TechClub Inc · 19 hours ago

SOAR Development and Automation

TechClub Inc is focused on advancing security automation and data management solutions. The SOAR Development and Automation role involves designing and maintaining playbooks in Splunk SOAR, automating SOC workflows, and managing data ingestion pipelines.

Analytics, Artificial Intelligence (AI), Cloud Computing, Cyber Security, Information Technology, Software
H1B Sponsor Likely

Responsibilities

Design, develop, and maintain playbooks in Splunk SOAR (Phantom)
Automate SOC workflows and integrate SOAR with IT security systems, ticketing platforms, and threat intelligence feeds
Refine and optimize automation for speed, efficiency, and accuracy
Administer and optimize Splunk Enterprise across distributed environments
Apply Splunk best practices for indexing, data models, knowledge objects, and search performance
Monitor Splunk health, scaling, and redundancy
Manage data ingestion pipelines using Cribl for routing, filtering, and transformation
Use Redis for caching, enrichment, and high-speed data lookups in automation workflows
Develop SQL-based integrations for correlation, enrichment, and reporting
Ensure seamless integration of APIs, third-party tools, and security services into Splunk and SOAR
Align Splunk and SOAR capabilities with SOC detection and response requirements
Apply security and IT architecture patterns (event-driven workflows, identity management, log aggregation)

Qualification

Splunk, SOAR Development, Data Management, Scripting, Programming, Cyber SOC Operations, Unix/Linux Administration, MITRE ATT&CK Mapping, Version Control (Git), PowerShell, Bash, Threat Intelligence Integration, Data Life Cycle Understanding, Splunk MLTK, DevOps Containers, Zero Trust Framework, SQL, Redis, Cribl

Required

5 years of Splunk Enterprise experience with multi-TB daily ingest, with advanced knowledge of SPL, search optimization, and object management
Minimum 2 years of hands-on Splunk SOAR (Phantom) development experience in designing and deploying playbooks
Proficiency with Cribl, Redis, and SQL for management, ingestion, enrichment, and correlation of data
Experience integrating with REST APIs and handling authentication, including OAuth and keys
Strong knowledge of Python, including JSON and XML parsing, API requests, and regex
Familiarity with PowerShell and Bash
Solid grasp of Cyber SOC operations and cybersecurity fundamentals
Proficiency in Unix/Linux administration, networking topology, and authentication systems
Capability of mapping MITRE ATT&CK tactics and techniques to playbook design and development
Understanding of code repos and version control (Git)
Splunk Certified Admin and SOAR Developer certification

Preferred

Threat intelligence integration such as TAXII, MISP, and Recorded Future
Understanding of data life cycle (compliance, retention policies, normalization)
Previous experience with upgrading Splunk Enterprise
Experience with Splunk MLTK, UBA, and ITSI
Familiarity with DevOps containers (Docker, Kubernetes)
Knowledge of Zero Trust framework

Company

TechClub Inc

TechClub renders avant-garde IT solutions to corporations.

H1B Sponsorship

TechClub Inc has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (25)
2024 (13)
2023 (18)
2022 (7)
2021 (4)
2020 (1)

Funding

Current Stage
Growth Stage
Company data provided by crunchbase