Booz Allen Hamilton
SOAR Engineer, Mid
Your growth matters to us - explore our career development opportunities.
Support a mature Security Operations Center by engineering, automating, and optimizing incident response capabilities across the enterprise. Design, implement, and maintain Splunk SOAR playbooks to streamline analyst workflows, reduce manual effort, and improve response consistency. Develop and maintain phishing automation pipelines using Cofense Triage and Splunk SOAR, ensuring rapid triage, enrichment, and disposition of email‑based threats. Provide cybersecurity architecture and engineering support across initiatives such as Zero‑Trust, TIC 3.0, endpoint detection and response (EDR), and secure access service edge (SASE), contributing to the design and enhancement of enterprise security controls. Collaborate closely with SOC analysts, IR teams, and security architects to strengthen detection, response, and automation capabilities while the organization’s overall security posture.
You Have:
2+ years of experience in cybersecurity engineering, incident response, or SOC support, including with Splunk automation, orchestration, or security tooling
Experience implementing or maintaining SOAR playbooks
Experience with Splunk Enterprise Security for development of detection analytics
Experience engineering, optimizing, and supporting phishing analysis or automation workflows
Experience with enterprise security technologies, such as EDR, SIEM, firewalls, or identity security platforms
Knowledge of incident response processes, including triage, enrichment, containment, and documentation
Knowledge of Zero Trust principles, TIC 3.0 concepts, or modern security architecture frameworks
Ability to write clear technical documentation, playbooks, and engineering procedures for SOC and IR teams
Ability to collaborate with analysts, engineers, and leadership
Public Trust
Bachelor’s degree
Nice If You Have:
Experience with Splunk Enterprise data onboarding, correlation searches, and dashboard development
Experience with SASE architecture, secure remote access, or cloud-based security controls
Experience with automation scripting, such as Python, PowerShell, or Bash, to support SOAR or IR workflows
Knowledge of threat intelligence enrichment, indicator management, and automated response logic
Knowledge of NIST 800 61, MITRE ATT&CK, or other IR frameworks
Possession of excellent oral and written communication skills
Splunk SOAR Certified Automation Developer, Splunk Core Certified Power User or Admin, CySA+, GIAC Certified Incident Handler (GCIH), or CISSP Certification
Vetting: Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client; Public Trust determination is required.
Compensation Salary range: $69,400 – $158,000 (annualized USD). Benefits include health, life, disability, financial, retirement, paid leave, professional development, tuition assistance, work‑life programs, and dependent care. Full‑time and part‑time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs.
Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model Our people‑first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
Commitment to Non‑Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
#J-18808-Ljbffr
Support a mature Security Operations Center by engineering, automating, and optimizing incident response capabilities across the enterprise. Design, implement, and maintain Splunk SOAR playbooks to streamline analyst workflows, reduce manual effort, and improve response consistency. Develop and maintain phishing automation pipelines using Cofense Triage and Splunk SOAR, ensuring rapid triage, enrichment, and disposition of email‑based threats. Provide cybersecurity architecture and engineering support across initiatives such as Zero‑Trust, TIC 3.0, endpoint detection and response (EDR), and secure access service edge (SASE), contributing to the design and enhancement of enterprise security controls. Collaborate closely with SOC analysts, IR teams, and security architects to strengthen detection, response, and automation capabilities while the organization’s overall security posture.
You Have:
2+ years of experience in cybersecurity engineering, incident response, or SOC support, including with Splunk automation, orchestration, or security tooling
Experience implementing or maintaining SOAR playbooks
Experience with Splunk Enterprise Security for development of detection analytics
Experience engineering, optimizing, and supporting phishing analysis or automation workflows
Experience with enterprise security technologies, such as EDR, SIEM, firewalls, or identity security platforms
Knowledge of incident response processes, including triage, enrichment, containment, and documentation
Knowledge of Zero Trust principles, TIC 3.0 concepts, or modern security architecture frameworks
Ability to write clear technical documentation, playbooks, and engineering procedures for SOC and IR teams
Ability to collaborate with analysts, engineers, and leadership
Public Trust
Bachelor’s degree
Nice If You Have:
Experience with Splunk Enterprise data onboarding, correlation searches, and dashboard development
Experience with SASE architecture, secure remote access, or cloud-based security controls
Experience with automation scripting, such as Python, PowerShell, or Bash, to support SOAR or IR workflows
Knowledge of threat intelligence enrichment, indicator management, and automated response logic
Knowledge of NIST 800 61, MITRE ATT&CK, or other IR frameworks
Possession of excellent oral and written communication skills
Splunk SOAR Certified Automation Developer, Splunk Core Certified Power User or Admin, CySA+, GIAC Certified Incident Handler (GCIH), or CISSP Certification
Vetting: Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client; Public Trust determination is required.
Compensation Salary range: $69,400 – $158,000 (annualized USD). Benefits include health, life, disability, financial, retirement, paid leave, professional development, tuition assistance, work‑life programs, and dependent care. Full‑time and part‑time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs.
Identity Statement As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model Our people‑first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
Commitment to Non‑Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
#J-18808-Ljbffr