Splunk SOAR SME

Job Locations: US-MD-Bethesda
ID: 2025-3765
Category: Information Technology
Type: Full Time

Overview

We are looking for a Splunk SOAR Expert to support a large federal client. This position will be responsible for designing, implementing, and maintaining automation workflows that improve the efficiency, accuracy, and speed of our security operations using Splunk SOAR. You will work closely with our SOC team, threat analysts, detection engineers and incident responders to orchestrate effective threat detection and response strategies.

**Due to the nature of the contract and work, US Citizenship is required**

 

Responsibilities

  • Design, develop, and maintain playbooks and automation workflows in Splunk SOAR.
  • Integrate Splunk SOAR with various security tools (EDR, SIEM, firewalls, threat intel platforms, etc.).
  • Work with SOC and incident response teams to identify use cases for automation.
  • Tune and optimize existing playbooks for performance, reliability, and accuracy.
  • Ensure Splunk SOAR is operating efficiently, with regular updates, health checks, and backup management.
  • Develop and maintain custom apps and connectors using Python and REST APIs.
  • Provide training, documentation, and guidance to SOC analysts on using Splunk SOAR tools and features.
  • Support incident response activities by enabling automated detection and response processes.
  • Continuously evaluate new technologies, scripts, and integrations to improve the SOAR platform.

Qualifications

  • BS degree from an accredited university in Computer Science, Engineering, or a related field
  • 5+ years of experience in cyber security.
  • 3+ years in Splunk SOAR
  • U.S. Citizenship is required
  • Splunk Experience 
    • Demonstrated experience with Splunk SOAR
    • Develop and maintain quality queries, dashboards, custom views, saved searches and alerts for the internal technical operations team and business application owners
    • Experience with Splunk Enterprise Security and SIEM based event management and incident response
  • Other Experience
    • Expert in Python and REST API integration
    • Understanding of a variety of detection strategies and how to implement them in a large enterprise organization
    • Understanding of MITRE ATT&CK and how to map detection coverage
    • DevOps best practices using modern CI/CD pipelines
    • Ability to work both independently and collaboratively with cross-functional teams
  • Strong communication and documentation skills

Desired:

  • Relevant Splunk certifications
  • Experience writing detections 
  • Familiarity with a variety of EDR, SIEM, Cloud and Network based cybersecurity tools
  • Previous experience working in a 24x7 SOC environment
  • Previous experience in Incident Response roles
  • Cybersecurity automation and scripting using Python
  • Tool integration and event correlation with differing APIs

Additional Benefits:

  • Paid Time Off & Holiday Pay
  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Disability, Life Insurance, and AD&D
  • Flexible Spending Accounts
  • Pre-Tax 401K and/or After-Tax Roth IRA (with employer matching contribution)
  • Tuition and Technical Training Reimbursement
  • Exercise Reimbursement
  • Computer Reimbursement
  • Employee Assistance Program

About Us: 

Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2024.

 

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.
