Security Operations Automation Specialist (SOAR)

CGI

Calgary

On-site

CAD 80,000 - 120,000

Full time

Yesterday

Job summary

A leading company seeks a skilled Security Operations Automation Specialist to enhance security operations through automation workflows using Splunk SOAR. The role involves collaboration with SOC analysts and requires deep technical expertise in security processes and practices. The ideal candidate will have extensive experience and a strong focus on automation quality and operational efficiency.

Qualifications

  • 5 to 8+ years in cybersecurity, ideally in SOC or incident response.
  • 4+ years hands-on with Splunk SOAR, including playbook development.
  • Strong knowledge of security tools and technologies.

Responsibilities

  • Design and maintain Splunk SOAR playbooks for automation.
  • Integrate with security tools and optimize playbook performance.
  • Assist in documentation and training for playbook usage.

Skills

Python scripting
Problem-solving
Collaboration
Automation quality

Tools

Splunk SOAR
SIEM
EDR

Job description

We are seeking a highly skilled and motivated Security Operations Automation Specialist (SOAR) to join our GSOC Security Technology Operations team. In this role, you will be responsible for designing, developing, deploying, and maintaining automation workflows using Splunk SOAR (formerly Phantom) to enhance incident response, threat intelligence, and security operations.

You will collaborate closely with SOC analysts, Threat Intel, and detection engineering teams to streamline security processes and enable rapid, consistent, and effective threat mitigation.

This position requires strong technical expertise in security operations, scripting and automation, and deep hands-on experience with Splunk SOAR or other similar SOAR platforms.

Your future duties and responsibilities:

  • Design, develop, and maintain Splunk SOAR playbooks to automate SOC processes.
  • Integrate Splunk SOAR with various security tools and data sources such as SIEMs, EDRs, threat intelligence platforms, and ticketing systems.
  • Collaborate with GSOC and IR teams to understand operational needs and convert them into automation use cases.
  • Optimize and troubleshoot playbook performance and connector configurations.
  • Implement and enforce security best practices and operational procedures within the SOAR platform.
  • Assist in the creation of documentation, user guides, and training material for playbook usage and SOAR operations.
  • Conduct regular reviews of playbook performance and suggest improvements based on KPIs and incident handling feedback.

Required qualifications to be successful in this role:

Technical Qualifications:

  • 5 to 8+ years of experience in cybersecurity, preferably in a SOC or incident response environment.
  • 4+ years of hands-on experience working with Splunk SOAR (Phantom) including playbook development and administration.
  • Proficiency in Python scripting and REST APIs for automation tasks and integrations.
  • Strong knowledge of security tools and technologies (e.g., SIEM, EDR, firewalls, threat intel, vulnerability management).
  • Experience with Splunk ES or similar SIEM platforms.
  • Familiarity with MITRE ATT&CK, threat modeling, and incident response workflows.

Professional Skills:

  • Strong analytical and problem-solving skills.
  • Excellent communication skills and ability to work collaboratively with cross-functional teams.
  • Detail-oriented with a focus on automation quality and operational efficiency.
  • Experience in agile or DevSecOps environments is a plus.

Preferred Certifications (not mandatory):

  • Splunk SOAR Certified Automation Developer
  • Splunk Core Certified Power User / Admin
  • GIAC Certified Incident Handler (GCIH), CEH, or similar certifications