Total Exp: 8-10 Years.
Key Responsibilities:
Playbook Development:
Design, develop, test, and deploy playbooks using the Splunk SOAR visual editor or Python.
Translate incident response procedures into automated workflows.
Optimize and refine existing playbooks for performance and efficiency.
Integration & App Development:
6+ years of hands-on experience with designing/development of Splunk applications.
Advanced Splunk analytics and development of custom Splunk applications and Splunk data integrations with business-critical enterprise applications and systems.
Translate feedback from the business into Splunk technical requirements and solutions.
Develop specialized Splunk Security and Compliance applications, add-ons, data models, dashboards, and content using Python, Splunk SPL, Splunk Simple XML (or JavaScript, CSS), and Bash.
Develop custom Splunk applications and Add-Ons for inclusion of access events per use case criteria.
Develop and configure integrations with third-party security tools (EDR, firewalls, threat intel platforms, ticketing systems, etc.).
Build custom apps or modify existing ones using REST APIs and Python to enhance SOAR capability.
Automation Strategy & Implementation:
Work with stakeholders to identify use cases for automation.
Lead end-to-end implementation of SOAR use cases from design to production.
Security Incident Handling:
Assist in real-time incident response by using SOAR to correlate, triage, and respond to alerts.
Create response templates and automated reports for incidents.
Platform Management:
Maintain and administer the Splunk Phantom platform, including upgrades, performance tuning, and health checks.
Monitor system logs and troubleshoot issues related to connectivity, app execution, or workflow failure.
Documentation & Reporting:
Document playbooks, scripts, and integrations.
Generate reports on SOAR activity, performance metrics, and automation ROI.
Collaboration & Training:
Train SOC staff and other stakeholders on SOAR usage and capabilities.
Collaborate with Splunk SIEM and threat intelligence teams for cohesive operations.
Key Skills:
Splunk Phantom (SOAR).
Python development.
Proficiency in Python programming language.
Splunk Simple XML or web development (JavaScript, CSS).
Splunk app & add-on development
Splunk data modelling.
Splunk Enterprise / Splunk Cloud.
Python, REST API.
Jira, ServiceNow, Palo Alto, CrowdStrike, Virus Total, MISP, etc.
Git (for version control of playbooks/scripts).
Contract