SOAR Automation Engineer (Splunk Phantom)

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

This SOAR Automation Engineer role supports a large U.S. federal agency by designing, implementing, and scaling security automation capabilities across a complex enterprise environment. The role is centered on Splunk Phantom (Splunk SOAR) and focuses on automating security operations, improving response and investigation workflows, and integrating AI-enabled enrichment using Azure AI services where appropriate.

This is a hands-on technical role with strategic influence, combining deep engineering work with ownership of automation design and continuous improvement across SOC workflows.

This is a W2 contract, fully remote (CONUS only) role, supporting a large federal agency. Prior federal contracting experience is preferred.

U.S. Citizenship or Permanent Residency is required.

Responsibilities:

• Design, build, and maintain SOAR automation using Splunk Phantom
• Develop and enhance automated playbooks to support detection, response, and investigation workflows
• Integrate SOAR with SIEM, security tools, cloud platforms, and on-prem systems
• Apply AI-enabled enrichment and decision support using Azure AI services
• Lead automation design decisions and guide SOC teams on effective SOAR usage
• Improve dashboards, metrics, and operational visibility tied to automated workflows
• Collaborate with security analysts, engineers, and stakeholders to identify automation opportunities
• Operationalize and scale automation across the security lifecycle
• Ensure reliability, maintainability, and documentation of automation solutions

Must-Have

• 4+ years of experience building and supporting SOAR / security automation solutions in enterprise environments
• Hands-on experience with Splunk Phantom (Splunk SOAR)
• Strong background in security workflow automation and playbook development
• Experience integrating cloud and on-premise systems via APIs
• Working familiarity with Azure AI services and applied AI use cases in cybersecurity
• Strong problem-solving and analytical skills
• Ability to collaborate across technical and non-technical teams
• Excellent written and verbal communication skills
• Bachelor’s degree in a cyber-related field or equivalent experience/certifications

Nice-To-Have

• Federal cybersecurity environments
• SOC operations and incident response workflows
• Python or scripting for automation
• SIEM integration (Splunk Enterprise / Splunk ES)
• Familiarity with NIST cybersecurity frameworks

• Expertise in SOAR and AI technologies.

• Strong technical and analytical skills.

• Ability to work collaboratively with security teams.

• Proficiency in developing automated security workflows.

• Experience with cloud and on-premise system integration.

• Strong communication and planning abilities.

• Problem-solving and critical thinking skills.

• Familiarity with cybersecurity frameworks and standards.

• Insurance – health, dental, and vision

• Paid Time Off (PTO) and 11 Federal Holidays

• 401(k) employer match