Posted on: 05/01/2026
Description :
Location : Pune
Experience : 5 to 12 Years
- Collaborate with stakeholders to understand, analyze, and refine Splunk SOAR automation requirements specifications
- Pull key systems like AD, DHCP, and Splunk data into SOAR playbooks and support process automation through complex calls into Splunk indexes
- Integrate Splunk with SOAR for efficiency i.e., reducing manual steps/workflows
- Lead knowledge transfer sessions on general SOAR development best practices
- Develop playbooks aligned to the MITRE frameworks (ATT&CK & D3FEND)
- Work in an Agile-based delivery model with aggressive timelines
Required Skills (Splunk ES & Splunk SOAR) :
- 5+ years of experience in the MDR space with at least 2+ years in automation development using SOAR, Python, and Splunk
- Strong proficiency in Palo Alto Splunk SOAR platform, Python programming, and Splunk Query Language
- Hands-on experience with RESTful APIs, JSON, XML, and other data formats
- Strong understanding of cybersecurity concepts, principles, and best practices
- In-depth knowledge of the MITRE framework and other threat modelling frameworks
- Experience in creating summary indexes and matrix indices
- Expertise in Splunk data model development
- Experience with Splunk field extractions and regular expressions
- Development of Splunk knowledge objects including event types and macro creation
- Proven experience in SOAR integrations
- Ability to configure and manage Incident Types, Incident Fields, Classifications, and Mappings
- Strong capability to build new or modify existing SOAR playbooks, including generic and nested playbooks
- Experience using playbooks within playbooks for complex automation requirements
- Hands-on experience with Threat Intelligence Management (TIM) features in SOAR
- Familiarity with version control systems, testing, and debugging tools
- Excellent communication, collaboration, and problem-solving skills
Posted in : DevOps / SRE
Functional Area : DevOps / Cloud
Job Code : 1596764