Job Description:

Role: Splunk SOAR Developers
Primary Location: Charlotte, NC
Secondary Locations: Denver, CO; Chicago, IL; Jersey City, NJ; Addison, TX
Work Arrangement: Hybrid
Interview Type: Webcam/Onsite
Position type: W2 (Direct hire)
Note: Local profiles to client locations or within commutable distance only. ID & address proof is required.
Must Have:
-Splunk SOAR Development experience.
-Candidates need in-depth experience with SOAR. Splunk experience by itself will not be enough, and only basic SOAR experience will probably not be enough.
-Splunk SOAR is a product that used to be called Phantom (may be able to search for Phantom engineers).
-Enterprise Python Experience.
-Customization in SOAR is done in Python.
-Python experience needs to be in an enterprise environment with other team members.
-Python experience is an indicator of SOAR experience. No Python would mean the candidate probably hasn't worked deeply enough in SOAR.
-Enterprise experience.
-A huge differentiator for strong candidates is the size of the company and the team they're on. The HM wants candidates who have received formal training in an enterprise setting.
-Enterprise development experience.
-Security experience will be important. It's not necessarily a must-have, but most SOAR candidates should have security experience due to the nature of the work.
-Financial experience.
Potential alternative skills:
-Enterprise Python development experience along with security experience AND a willingness to learn Splunk SOAR.
-Cortex XSOAR (Palo Alto SOAR equivalent).
-Database experience (no specific database). Ability to write a query.
-Kafka experience.
Job Description:
Work with stakeholders directly to build, design, deliver, re-write, and maintain efficient, reusable, and reliable security automations using Splunk SOAR. This role is highly detail oriented and will require hands-on knowledge of programming languages, APIs, and integrations.

Key Responsibilities:
Review API documentation and connect third-party services to the SOAR platform.
This role will be responsible for the whole lifecycle of an automation playbook, from requirements gathering and planning to design, testing, implementation, and maintenance.
Create detailed technical documentation regarding your orchestration.
Collaborate with other internal teams as part of setting up SOAR integrations.
Follow all change management processes and requirements as part of setting up SOAR integrations.
Skills & Requirements:
A total of 10 to 15 years of overall experience.
2+ years of hands-on experience in Splunk SOAR, including writing playbooks and troubleshooting.
2+ years of hands-on experience using Splunk for both searching/data analysis and for passing data to SOAR.
Strong programming skills in Python.
Proficiency with Git.
Experience working with REST and other third-party API integrations.
Strong understanding of IT security concepts and practices.
Familiarity with enterprise change management.
Strong deductive reasoning and critical thinking skills.
Strong organization skills.
Experience with Scrum or other agile development methodologies.

             
