SOAR Engineer, Mid
Your growth matters to us - explore our career development opportunities.
Support a mature Security Operations Center by engineering, automating, and optimizing incident response capabilities across the enterprise. Design, implement, and maintain Splunk SOAR playbooks to streamline analyst workflows, reduce manual effort, and improve response consistency. Develop and maintain phishing automation pipelines using Cofense Triage and Splunk SOAR, ensuring rapid triage, enrichment, and disposition of email‑based threats. Provide cybersecurity architecture and engineering support across initiatives such as Zero‑Trust, TIC 3.0, endpoint detection and response (EDR), and secure access service edge (SASE), contributing to the design and enhancement of enterprise security controls. Collaborate closely with SOC analysts, IR teams, and security architects to strengthen detection, response, and automation capabilities while the organization’s overall security posture.
You Have:
- 2+ years of experience in cybersecurity engineering, incident response, or SOC support, including with Splunk automation, orchestration, or security tooling
- Experience implementing or maintaining SOAR playbooks
- Experience with Splunk Enterprise Security for development of detection analytics
- Experience engineering, optimizing, and supporting phishing analysis or automation workflows
- Experience with enterprise security technologies, such as EDR, SIEM, firewalls, or identity security platforms
- Knowledge of incident response processes, including triage, enrichment, containment, and documentation
- Knowledge of Zero Trust principles, TIC 3.0 concepts, or modern security architecture frameworks
- Ability to write clear technical documentation, playbooks, and engineering procedures for SOC and IR teams
- Ability to collaborate with analysts, engineers, and leadership
- Public Trust
- Bachelor’s degree
Nice If You Have:
- Experience with Splunk Enterprise data onboarding, correlation searches, and dashboard development
- Experience with SASE architecture, secure remote access, or cloud-based security controls
- Experience with automation scripting, such as Python, PowerShell, or Bash, to support SOAR or IR workflows
- Knowledge of threat intelligence enrichment, indicator management, and automated response logic
- Knowledge of NIST 800 61, MITRE ATT&CK, or other IR frameworks
- Possession of excellent oral and written communication skills
- Splunk SOAR Certified Automation Developer, Splunk Core Certified Power User or Admin, CySA+, GIAC Certified Incident Handler (GCIH), or CISSP Certification
Vetting:
Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client; Public Trust determination is required.
Compensation
Salary range: $69,400 – $158,000 (annualized USD). Benefits include health, life, disability, financial, retirement, paid leave, professional development, tuition assistance, work‑life programs, and dependent care. Full‑time and part‑time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs.
Identity Statement
As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model
Our people‑first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
- If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
- If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.
Commitment to Non‑Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
#J-18808-Ljbffr