
Splunk SOAR developer

Company:
Centraprise
Location:
Clinton Township, OH, 43224
Posted:
June 25, 2025

Description:

Splunk SOAR developer

Location: Columbus, OH

Duration: Fulltime

Key Skills:

Splunk Phantom (SOAR).

Python development – Proficiency in Python programming language.

Splunk SimpleXML or web development (JavaScript, CSS).

Splunk app & add-on development.

Splunk data modelling.

Splunk Enterprise / Splunk Cloud.

Python and REST APIs.

Integrations with Jira, ServiceNow, Palo Alto Networks, CrowdStrike, VirusTotal, MISP, etc.

Git (for version control of playbooks and scripts).

Roles & Responsibilities:

Playbook Development:

Design, develop, test, and deploy playbooks using the Splunk SOAR visual editor or Python.

Translate incident response procedures into automated workflows.

Optimize and refine existing playbooks for performance and efficiency.

Integration & App Development:

6+ years of hands-on experience designing and developing Splunk applications.

Advanced Splunk analytics and development of custom Splunk applications.

Splunk data integrations with business-critical enterprise applications and systems.

Translate business feedback into Splunk technical requirements and solutions.

Develop specialized Splunk security and compliance applications, add-ons, data models, dashboards, and content using Python, Splunk SPL, Splunk SimpleXML (or JavaScript and CSS), and Bash.

Develop custom Splunk applications and add-ons that ingest access events according to each use case's criteria.

Develop and configure integrations with third-party security tools (EDR, firewalls, threat intel platforms, ticketing systems, etc.).

Build custom apps or modify existing ones using REST APIs and Python to enhance SOAR capability.
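The Playbook Development and Integration items above describe turning an incident response procedure into automated logic with guardrails. The following is an added example written for this page, not Splunk SOAR's playbook API or any vendor's app: it models a SOAR container with CEF-style artifacts, enriches indicators against a constructed reputation table standing in for a VirusTotal or MISP lookup, queues firewall and EDR actions, and builds a ticket body. The Container/Artifact shapes, the action names, the internal-range list, and the ticket field names are all assumptions.

```python
"""Triage-playbook logic in plain Python (added example, not Splunk SOAR code)."""
import ipaddress
from dataclasses import dataclass, field

# Constructed reputation table standing in for a VirusTotal/MISP lookup:
# indicator -> (engines flagging it, engines total).
THREAT_INTEL = {
    "203.0.113.7": (12, 70),
    "198.51.100.9": (0, 70),
    "10.0.0.1": (30, 70),                              # bogus feed entry; guardrail must ignore it
    "44d88612fea8a8f36de82e1278abb02f": (55, 70),      # EICAR test file MD5
}

# Assumed list of the organisation's internal ranges; a playbook must never push these to a firewall.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Artifact:
    cef: dict                      # CEF-style fields, the way SOAR artifacts carry them


@dataclass
class Container:
    id: int
    name: str
    severity: str                  # "low" | "medium" | "high"
    artifacts: list
    actions: list = field(default_factory=list)


def reputation(indicator):
    """Fraction of engines flagging the indicator; 0.0 when unknown."""
    hit = THREAT_INTEL.get(indicator)
    if not hit or hit[1] == 0:
        return 0.0
    return hit[0] / hit[1]


def is_blockable(ip):
    """Only a syntactically valid address outside the internal ranges may be blocked."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False               # hostnames, garbage and empty strings are never blockable
    return not any(addr in net for net in INTERNAL_NETS)


def triage(container, block_at=0.10, isolate_at=0.50):
    """Run the response procedure over every artifact and queue actions on the container.

    Guardrails: internal or malformed addresses are never blocked, duplicate actions
    are suppressed, and host isolation is gated behind analyst approval.
    """
    worst = 0.0
    queued = set()
    for art in container.artifacts:
        dst, src, fhash = (art.cef.get(k) for k in ("destinationAddress", "sourceAddress", "fileHash"))

        if dst:
            score = reputation(dst)
            worst = max(worst, score)
            if score >= block_at and is_blockable(dst) and ("block_ip", dst) not in queued:
                queued.add(("block_ip", dst))
                container.actions.append({"action": "block_ip", "target": dst,
                                          "app": "firewall", "approval_required": False})

        if fhash:
            score = reputation(fhash.lower())          # normalise hash case before lookup
            worst = max(worst, score)
            if score >= isolate_at and src and ("isolate_host", src) not in queued:
                queued.add(("isolate_host", src))
                container.actions.append({"action": "isolate_host", "target": src,
                                          "app": "edr", "approval_required": True})

    if worst >= isolate_at:
        container.severity = "high"
    elif worst >= block_at and container.severity == "low":
        container.severity = "medium"
    return container


def ticket_payload(container):
    """Body for the ticketing-system call (field names assumed, not ServiceNow's schema)."""
    pending = [a for a in container.actions if a["approval_required"]]
    return {
        "short_description": f"[SOAR #{container.id}] {container.name}",
        "urgency": {"high": 1, "medium": 2, "low": 3}[container.severity],
        "work_notes": f"{len(container.actions)} action(s) queued, {len(pending)} awaiting approval",
    }


def sample_container():
    """Constructed alert resembling an EDR detection forwarded from the SIEM."""
    return Container(id=101, name="Suspicious outbound after file execution", severity="low",
                     artifacts=[Artifact({"sourceAddress": "10.0.5.12", "destinationAddress": "203.0.113.7"}),
                                Artifact({"sourceAddress": "10.0.5.12",
                                          "fileHash": "44D88612FEA8A8F36DE82E1278ABB02F"}),
                                Artifact({"destinationAddress": "10.0.0.1"}),     # internal: never blocked
                                Artifact({"destinationAddress": "not-an-ip"})])   # malformed: ignored


if __name__ == "__main__":
    c = triage(sample_container())
    print(c.severity, c.actions, ticket_payload(c), sep="\n")
```

The point worth carrying into a real playbook is the shape of `is_blockable` and the `approval_required` flag: enrichment data drives decisions, but a destructive action is only issued against a validated target, and the high-impact one waits for a human.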

Automation Strategy & Implementation:

Work with stakeholders to identify use cases for automation.

Lead end-to-end implementation of SOAR use cases from design to production.

Security Incident Handling:

Assist in real-time incident response by using SOAR to correlate, triage, and respond to alerts.

Create response templates and automated reports for incidents.

Platform Management:

Maintain and administer the Splunk SOAR (formerly Phantom) platform, including upgrades, performance tuning, and health checks.

Monitor system logs and troubleshoot issues related to connectivity, app execution, or workflow failure.

Documentation & Reporting:

Document playbooks, scripts, and integrations.

Generate reports on SOAR activity, performance metrics, and automation ROI.

Collaboration & Training:

Train SOC staff and other stakeholders on SOAR usage and capabilities.

Collaborate with Splunk SIEM and threat intelligence teams for cohesive operations.
