Posted today
Top Secret/SCI
$120,000 - $150,000
Polygraph
IT - Security
Reston, VA (On-Site/Office)
Splunk SOAR Cyber Automation Engineer
Location: College Park, MD; Washington, DC; Reston, VA
Required Clearance: Active TS/SCI with polygraph eligibility
Employment Type: Full-Time Regular
Shift: Day
Travel: No
Relocation Assistance: Yes
Company Overview
We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver.
Job Description
Ennoble First is seeking a Splunk SOAR Cyber Automation Engineer to support the deployment, operation, and sustainment of enterprise security orchestration, automation, and response capabilities. This role focuses on implementing and maintaining Splunk SOAR (formerly Phantom) platforms to automate incident response workflows, enrich alerts, and improve response speed and consistency across complex Government cybersecurity environments.
The Splunk SOAR Cyber Automation Engineer works closely with SOC analysts, detection engineers, and platform teams to ensure automation workflows align with operational requirements and support Zero Trust and enterprise cybersecurity initiatives.
Primary Responsibilities
Required Qualifications
Education
Associate's degree and 5+ years of experience supporting IT projects and activities, or
Bachelor's degree and 3+ years of experience supporting IT projects and activities, or
Master's degree and 1+ year of experience supporting IT projects and activities
Years of experience may be accepted in lieu of degree.
Certifications
DoD 8570.01-M Information Assurance Technician (IAT) Level II certification (e.g., Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND)
Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support certification (e.g., CEH, CHFI, CFR, Cloud+, or CND) within 30 days of start date.
Preferred Qualifications
Compensation
Salary range: $120,000 - $150,000
The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered include responsibilities of the role, education, experience, knowledge, skills, internal equity, alignment with market data, and applicable laws.
Equal Employment Opportunity
Ennoble First is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any characteristic protected by law.
E-Verify Participation
Ennoble First participates in E-Verify. Learn more at www.dhs.gov/E-Verify.
E-Verify is a registered trademark of the U.S. Department of Homeland Security.
Ennoble First is committed to providing a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Ennoble First participates in E-Verify.
The information below will be listed on our website's careers landing page.
EEO is the Law | Pay Transparency Nondiscrimination
www.dhs.gov/E-Verify
E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.
Location: College Park, MD; Washington, DC; Reston, VA
Required Clearance: Active TS/SCI with polygraph eligibility
Employment Type: Full-Time Regular
Shift: Day
Travel: No
Relocation Assistance: Yes
Company Overview
We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver.
Job Description
Ennoble First is seeking a Splunk SOAR Cyber Automation Engineer to support the deployment, operation, and sustainment of enterprise security orchestration, automation, and response capabilities. This role focuses on implementing and maintaining Splunk SOAR (formerly Phantom) platforms to automate incident response workflows, enrich alerts, and improve response speed and consistency across complex Government cybersecurity environments.
The Splunk SOAR Cyber Automation Engineer works closely with SOC analysts, detection engineers, and platform teams to ensure automation workflows align with operational requirements and support Zero Trust and enterprise cybersecurity initiatives.
Primary Responsibilities
- Deploy, configure, operate, and sustain Splunk SOAR platforms in enterprise Government environments
- Design, develop, and maintain automated playbooks to support incident response, alert enrichment, containment, and remediation
- Integrate Splunk SOAR with SIEM, EDR, IDS/IPS, vulnerability management, threat intelligence, and ticketing platforms
- Develop custom scripts and connectors to extend automation and enrichment capabilities
- Monitor platform health, automation execution, and system performance
- Perform upgrades, patching, configuration changes, and lifecycle maintenance
- Troubleshoot automation failures, integration issues, and workflow performance problems
- Collaborate with SOC and cyber operations teams to identify automation opportunities and improve response processes
- Develop and maintain technical documentation, runbooks, and operational procedures
- Support Zero Trust initiatives through automated detection and response workflows
Required Qualifications
- 5+ years of experience supporting cybersecurity engineering, security operations, or incident response
- 3+ years of experience deploying or administering SOAR platforms, including Splunk SOAR (Phantom) or similar tools
- 2+ years of experience deploying, hosting, monitoring, and securing solutions for Government customers
- Strong understanding of incident response processes, alert triage, and automated remediation
- Experience developing automation using Python or similar scripting languages
- Experience integrating security platforms using APIs and native connectors
- Active TS/SCI clearance with polygraph eligibility
Education
Associate's degree and 5+ years of experience supporting IT projects and activities, or
Bachelor's degree and 3+ years of experience supporting IT projects and activities, or
Master's degree and 1+ year of experience supporting IT projects and activities
Years of experience may be accepted in lieu of degree.
Certifications
DoD 8570.01-M Information Assurance Technician (IAT) Level II certification (e.g., Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND)
Ability to obtain a DoD 8570.01-M Cybersecurity Service Provider - Infrastructure Support certification (e.g., CEH, CHFI, CFR, Cloud+, or CND) within 30 days of start date.
Preferred Qualifications
- Hands-on experience developing Splunk SOAR playbooks in production environments
- Experience supporting SOC or cyber mission operations
- Familiarity with Splunk Enterprise Security and Splunk data models
- Experience supporting DoD or Intelligence Community environments
- Security certifications such as GCIH, GCED, CISSP, or similar
Compensation
Salary range: $120,000 - $150,000
The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered include responsibilities of the role, education, experience, knowledge, skills, internal equity, alignment with market data, and applicable laws.
Equal Employment Opportunity
Ennoble First is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any characteristic protected by law.
E-Verify Participation
Ennoble First participates in E-Verify. Learn more at www.dhs.gov/E-Verify.
E-Verify is a registered trademark of the U.S. Department of Homeland Security.
Ennoble First is committed to providing a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Ennoble First participates in E-Verify.
The information below will be listed on our website's careers landing page.
EEO is the Law | Pay Transparency Nondiscrimination
www.dhs.gov/E-Verify
E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.
group id: 90783838
At Ennoble First, we’re proud to serve and partner with leading federal agencies—including the DoD, NGA, U.S. Air Force, U.S. Army, DIA, Department of State, and U.S. Cyber Command—as well as trusted industry innovators like AWS, Lockheed Martin, Northrop Grumman, Booz Allen, CACI, Leidos, and Splunk. Together, we deliver secure, agile IT solutions that advance intelligence, defense, healthcare, and national security. What sets us apart is our people. We believe in empowering bold thinkers, fostering collaboration, and creating an environment where health, family, and work stay in balance. We embrace diverse perspectives, encourage innovation, and ensure every team member feels supported and connected. When you join Ennoble First, you’re not just filling a role—you’re becoming part of a community that values you, challenges you, and helps you grow while making an impact on missions of national importance.
