Responsibilities

• Design, develop, and optimize SOAR playbooks using the visual editor and Python to automate incident response.
• Build and customize apps, dashboards, and data models using Python, SPL, SimpleXML/JavaScript. Integrate with tools like Jira, ServiceNow, Palo Alto, CrowdStrike, and VirusTotal.
• Identify and implement new use cases for SOAR automation, aligning with stakeholder requirements.
• Automate alert triage and response processes; support real-time incident resolution.
• Maintain and troubleshoot the Splunk Phantom platform, ensuring performance and availability.
• Work closely with SOC and threat intel teams, and train staff on SOAR functionalities.
• Document all playbooks and integrations; generate performance reports and automation ROI metrics.

Required Skills

• Splunk SOAR (Phantom) platform expertise
• Python development, REST APIs
• Splunk Enterprise / Cloud, SimpleXML, app & add-on development
• Experience with EDR, firewalls, threat intel platforms (e.g., MISP, CrowdStrike, Palo Alto)
• Familiarity with Git, Jira, ServiceNow

Posted By