Splunk SOAR Automation Developer at Cywarden Inc
Remote, Oregon, USA
Full Time


Start Date

Immediate

Expiry Date

28 Nov, 25

Salary

0.0

Posted On

29 Aug, 25

Experience

6 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Power User, Web Development, Analytics, SOAR, Orchestration, Platforms

Industry

Information Technology/IT

Description

JOB OVERVIEW

We are seeking a Splunk SOAR (Phantom) Certified Automation Developer to design, build, and manage security automation workflows that enhance SOC efficiency and incident response capabilities. The role involves developing and deploying playbooks in Splunk SOAR using Python and the visual editor, integrating with SIEM, EDR, firewalls, ticketing systems, and threat intelligence platforms to streamline alert triage, threat enrichment, and remediation.

REQUIRED QUALIFICATIONS:

  • Splunk SOAR Certified Automation Developer certification (Mandatory).
  • Strong Python scripting skills and hands-on experience with REST APIs.
  • 3+ years of experience in SOC/IR automation and Splunk SOAR playbook development.
  • Practical experience in integrating SOAR with third-party tools and platforms.

PREFERRED QUALIFICATIONS:

  • Splunk Enterprise Security Certified Admin.
  • Splunk Core Certified Power User or Advanced Power User.
  • Experience with app/add-on development, SimpleXML, or web development (JavaScript, CSS).
  • Knowledge of orchestration across hybrid and multi-cloud environments.
  • 6+ years of hands-on experience with Splunk applications, analytics, and data integrations (preferred for senior profiles).

Job Type: Full-time

License/Certification:

  • Splunk SOAR Certified Automation Developer (Required)

Work Location: Remote

Responsibilities

  • Design, develop, test, and deploy playbooks in Splunk SOAR (Phantom) using the visual editor and Python.
  • Automate SOC workflows for incident response, threat intelligence enrichment, and alert triage.
  • Integrate Splunk SOAR with SIEM (Splunk ES), ticketing systems (Jira, ServiceNow), and security tools (EDR, firewalls, threat intel platforms like CrowdStrike, Palo Alto, VirusTotal, MISP).
  • Develop and maintain custom apps, add-ons, and integrations using Python, REST APIs, and Git for version control.
  • Optimize and refine existing playbooks for performance, scalability, and efficiency.
  • Support advanced Splunk analytics, data modeling, and custom app development using Python, SPL, SimpleXML (or JavaScript, CSS).
  • Maintain and administer the Splunk Phantom platform including upgrades, troubleshooting, performance tuning, and health monitoring.
  • Collaborate with SOC and engineering teams to identify automation opportunities and lead end-to-end implementation of SOAR use cases.
  • Document playbooks, integrations, and workflows; generate reports on SOAR performance and automation ROI.