Splunk SOAR Developer

Chicago, IL, US • Posted 13 days ago • Updated 13 days ago
Contract W2
On-site
Depends on Experience

Job Details

Skills

  • Splunk SOAR
  • Splunk Phantom
  • Splunk Enterprise Security (ES)
  • Python 3.x
  • REST APIs
  • JSON
  • Webhooks
  • OAuth2
  • Vendor SDKs
  • Playbook Development
  • Security Automation
  • Security Orchestration
  • Incident Response (IR)
  • Security Operations (SOC)
  • Threat Intelligence (TI) Enrichment
  • EDR Integration
  • CrowdStrike
  • Microsoft Defender
  • Carbon Black
  • Okta
  • Azure AD
  • Proofpoint
  • Microsoft 365 (M365)
  • Palo Alto
  • Fortinet
  • VirusTotal
  • Recorded Future
  • ServiceNow
  • Jira
  • AWS
  • Azure
  • GCP
  • Docker
  • Kubernetes
  • Git
  • CI/CD
  • Postman
  • Swagger
  • API Integration
  • Secrets Management
  • Key Vault
  • Firewall Automation
  • Cloud Security Response
  • Automation Frameworks
  • Adaptive Response
  • Notable Events
  • Alert Pipelines

Summary

Splunk SOAR Developer

Location: Chicago, IL 60661 OR Denver, CO
Work Model: 100% Onsite (No Remote)
Duration: 12+ Month Contract
Interview Process: WebEx Interview + Onsite Interview Required
Industry: Financial Services

Job Overview

We are seeking an experienced Splunk SOAR Developer to design, develop, and scale security automations in a high-availability enterprise SOC environment. The ideal candidate will have strong hands-on experience with Splunk SOAR (Phantom), advanced Python development, and deep knowledge of security operations workflows.

This role requires full onsite presence in Chicago, IL or Denver, CO.

Key Responsibilities

  • Design and implement automated playbooks for:
    • Phishing investigations
    • Malware triage
    • Threat intelligence enrichment
    • VIP account protections
    • EDR containment
    • Firewall updates
    • Cloud response
    • Ticket lifecycle automation
  • Develop custom Splunk SOAR apps/integrations using Python
  • Integrate with REST APIs, webhooks, OAuth2, and vendor SDKs
  • Improve automation reliability (error handling, retries, caching, scaling)
  • Monitor and troubleshoot connector health and API integrations
  • Collaborate with SOC and Incident Response teams to automate manual workflows
  • Parse and transform JSON data, normalize artifacts, enrich IOCs
  • Maintain CI/CD pipelines and version control using Git
  • Define KPIs (MTTD/MTTR improvements, automation coverage, error rates)
  • Follow security best practices (least privilege, secrets management, audit logging)
  • Participate in on-call rotation (if required)

Required Skills & Experience

  • 5-7 years of hands-on experience with Splunk SOAR (Phantom)
  • Advanced Python (3.x) programming skills
  • Experience building production-grade playbooks and custom integrations
  • Strong knowledge of security operations (SOC/IR workflows)
  • Experience integrating with tools such as:
    CrowdStrike, Microsoft Defender, Carbon Black, Okta, Azure AD, Proofpoint, M365, Palo Alto, Fortinet, VirusTotal, Recorded Future, ServiceNow, Jira, AWS, Azure, Google Cloud Platform
  • Proficiency with:
    • REST APIs (authentication, pagination, rate limits)
    • JSON parsing
    • Postman / Swagger
    • Git workflows
    • CI/CD promotion across dev/test/prod
  • Understanding of:
    • Splunk Enterprise Security (ES)
    • Notable events
    • Adaptive response frameworks
    • Alert pipelines
  • Strong documentation and stakeholder communication skills
  • Dice Id: 91166696
  • Position Id: 8890524

Company Info

About Black Rock Group

At Black Rock Groups Inc, we specialize in providing top-tier human resource services tailored to meet the evolving needs of businesses across the United States. Our expertise spans talent acquisition, workforce management, employee engagement, compliance, and strategic HR consulting.

We empower organizations by delivering customized HR solutions that drive efficiency, productivity, and long-term growth. Whether you're a startup looking to build a strong team or an enterprise seeking to optimize workforce strategies, our dedicated professionals are here to support your business success.
