Job Description

In this role, you must be able to work onsite, full time for the contract. Can build in travel expenses with the rate. This is a 2-3 month contract.

MUST HAVE SECRET CLEARANCE

Job Title: Splunk SOAR Engineer

We are seeking a talented and driven Splunk SOAR Engineer to design, develop, and maintain automation solutions that streamline and accelerate our security operations. In this role, you will leverage Splunk SOAR (formerly Phantom) to create robust, scalable playbooks, integrate diverse security tools, and drive automation for threat detection, investigation, and response. This is a hands-on technical role that sits at the intersection of security and engineering.

Key Responsibilities Design, build, and optimize automated playbooks using Splunk SOAR to support incident response and threat management.

Develop and maintain integrations with security tools (e.g., EDR, SIEM, threat intel platforms, firewalls, ticketing systems).

Automate repetitive SOC tasks such as enrichment, triage, response, and remediation actions.

Collaborate with SOC analysts, engineers, and incident responders to identify use cases for automation.

Write custom scripts and connectors (primarily in Python) to extend platform functionality.

Integrate SOAR platform with Splunk.

Maintain documentation for all playbooks, integrations, and processes.

Monitor and troubleshoot playbook performance and execution issues.

Support ongoing optimization and tuning of automation workflows for accuracy, speed, and reliability.

Stay informed of emerging threats and best practices in security orchestration and automation.

Qualifications

Required: 2 5 years of experience in a security engineering or SOC environment.

1+ year of hands-on experience with Splunk SOAR (Phantom) or another SOAR platform.

Strong scripting skills in Python.

Experience creating and deploying playbooks or automated workflows.

Familiarity with REST APIs and integrations with security tools (e.g., EDRs, SIEMs, threat intel, AD, firewalls).

Understanding of security operations and incident response procedures.

Excellent problem-solving skills and attention to detail. Preferred:

Splunk SOAR Certified Automation Developer or similar certification.

Experience with Splunk ES or other SIEM platforms.

Knowledge of common security frameworks (MITRE ATT&CK, NIST, etc.).

Experience working with ServiceNow, Jira, or other ITSM platforms.

ECCO Select is committed to hiring and retaining a diverse workforce. ECCO Select s policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category.

Equal Employment Opportunity is The Law

This Organization Participates in E-Verify

Job Tags

Similar Jobs