Splunk SOAR Engineer

About Us
Venatore is a woman-owned small business headquartered in Tampa, Florida, providing mission-driven technology and professional services to federal defense and civilian agencies. We deliver expertise in information technology, engineering, logistics, and program support to help our clients achieve operational excellence and mission success.

About the Job
Venatore is seeking a Splunk SOAR Engineer to support U.S. Central Command (USCENTCOM) operations by designing, implementing, and optimizing enterprise-level Security Orchestration, Automation, and Response (SOAR) capabilities. This role is responsible for transforming manual incident response processes into scalable, automated workflows that accelerate threat detection, containment, and remediation. The Splunk SOAR Engineer will lead the full lifecycle of platform architecture, integration, content development, and performance optimization while collaborating closely with SOC analysts, threat hunters, and incident response teams. An active TS/SCI clearance is required.

Responsibilities

Platform Architecture & Engineering

• Design, deploy, document, and maintain distributed Splunk SOAR (Phantom) platform architecture to ensure high availability, scalability, and performance.
• Support system upgrades, patching, and performance tuning across the SOAR infrastructure.
• Provide advanced troubleshooting and resolution of platform issues and playbook execution errors.
• Adhere to security best practices and compliance requirements within the operational environment.

Playbook Development & Automation

• Develop, customize, and maintain complex SOAR playbooks using Python and the Phantom Playbook Editor for automated enrichment, triage, containment, and remediation of security incidents (e.g., phishing, malware, unauthorized access).
• Translate manual security procedures into robust, automated workflows aligned with SecOps best practices.
• Establish and track automation metrics, including utilization rates, automation coverage, and Mean Time to Respond (MTTR) improvements.

Integration & Interoperability

• Integrate Splunk SOAR with Splunk Enterprise Security (ES) and other core security technologies, including EDR/XDR platforms, firewalls, vulnerability scanners, threat intelligence platforms, and ticketing systems.
• Develop custom apps and integrations to connect proprietary or unsupported security tools using RESTful APIs and custom connectors.
• Manage and optimize data flow between Splunk ES and Splunk SOAR to ensure effective event-triggered automation actions.

Collaboration & Documentation

• Partner with SOC analysts, threat hunters, and incident response teams to gather requirements and document workflows.
• Develop and maintain detailed technical documentation for platform configurations, integrations, and automation content.
• Provide training and mentorship to SOC staff on SOAR usage, content development, and automation best practices.
• Evaluate and integrate emerging security technologies and threat intelligence feeds into the automation ecosystem.

Required Qualifications

• Active TS/SCI security clearance.
• U.S. citizenship.
• Applicable DoD 8140 or DoD 8570 certification.
• 8+ years of related experience in security engineering or security operations.
• Hands-on expertise with Splunk SOAR (Phantom) administration, configuration, and maintenance in a distributed enterprise environment.
• Advanced proficiency in Python scripting for playbook development, custom apps, and integrations.
• Proven experience integrating SOAR platforms with Splunk Enterprise Security (ES), SIEMs, EDR/XDR tools, and other security technologies.
• Strong understanding of security operations principles, incident response lifecycles, and threat detection methodologies.
• Experience working with RESTful APIs and developing tool connectors.
• Proficiency in data manipulation, log parsing, and understanding of the Common Information Model (CIM) in a security context.
• Strong verbal and written communication skills with the ability to convey complex automation concepts to technical and non-technical audiences.

Preferred Qualifications

• Familiarity with cloud security logging, containerization (Docker/Kubernetes), and CI/CD pipelines for playbook deployment.
• Knowledge of the MITRE ATT&CK framework and its application in automated detection and response use cases.
• Experience using Git or other version control systems for SOAR content management.
• Familiarity with network protocols, Windows and Linux operating systems, and enterprise security architecture components.
• Splunk Enterprise Security Certified Admin or Architect certification.
• Splunk SOAR (Phantom) Certified Content Developer or Administrator certification.
• Experience with other SOAR platforms (e.g., Palo Alto Cortex XSOAR, IBM Resilient).
• Experience supporting USCENTCOM or multi-domain defense security operations environments.
• ITIL 4 Foundation certification.

Benefits
Venatore offers a competitive benefits package designed to support the well-being of our employees, including:

• Paid Time Off (PTO)
• 10 Federal Holidays
• 401(k) with company matching
• Medical, dental, and vision insurance
• Paid parental leave
• Paid military leave

Venatore is an equal opportunity employer and considers qualified applicants without regard to disability or protected veteran status.