Genesis10 · 5 hours ago
Splunk SOAR Developer
Genesis10 is currently seeking a Splunk SOAR Developer with our client in the financial industry. The role involves designing and implementing automations and integrations using Splunk SOAR, as well as collaborating with security operations teams to enhance incident response capabilities.
Information Technology · Information Services
Responsibilities
Design & implement playbooks for phishing, malware triage, threat client enrichment, VIP account protections, user lockouts, EDR containment, firewall updates, cloud response, and ticket lifecycle automation
Develop custom Splunk SOAR apps (integrations) using Python to interact with REST APIs, webhooks, OAuth2 flows, and vendor SDKs (e.g., EDR, email security, IAM, cloud, firewalls)
Harden and scale automations: add idempotency, robust error handling, retries/backoff, caching, and distributed execution; reduce runtime and failures
Own integration health: monitor connectors, troubleshoot failures, resolve API changes/rate limits, and maintain credentials/key vault hygiene
Partner with SOC/IR: capture requirements, translate manual runbooks into automations, run UAT, measure impact, and iterate
Data handling: parse/transform JSON, enrich IOCs, normalize artifacts/containers, write result cards and evidence to Splunk ES/notebooks/tickets
Quality & governance: version control (Git), code reviews, CI/CD for playbook promotion across dev/test/prod; maintain documentation and runbooks
Metrics & reporting: define KPIs (MTTD/MTTR reduction, automation coverage, hours saved, error rate), publish dashboards, and drive continuous improvement
Security best practices: least privilege for service accounts, secrets management, audit logging, and change control (CAB) for high-impact workflows
Support: participate in an on-call or pager rotation (if required) for critical automations
Qualifications
Required
5-7 years developing in Splunk SOAR (Phantom), with a portfolio of production playbooks and custom apps
Advanced Python (3.x): requests, async patterns, exception handling, data parsing, unit testing, packaging
Strong knowledge of security operations and common use cases: phishing, EDR triage/containment, sandboxing, TI enrichment, IAM actions, cloud remediation, firewall rules
Hands-on experience integrating with several of: CrowdStrike, Defender, Carbon Black, Okta/Azure AD, Proofpoint/M365, Palo Alto/Fortinet, VirusTotal, Recorded Future, ServiceNow/Jira, AWS/Azure/GCP
Proficiency with REST APIs (auth, pagination, rate limits), JSON, and Postman/Swagger
Git workflows; promoting artifacts across environments with approvals and rollback plans
Understanding of Splunk ES, notable events, adaptive responses, and alert pipelines
Excellent documentation, stakeholder communication, and requirements gathering
Benefits
Access to hundreds of clients, most of whom have been working with Genesis10 for 5-20+ years.
The opportunity to have a career-home in Genesis10; many of our consultants have been working exclusively with Genesis10 for years.
Access to an experienced, caring recruiting team (more than 7 years of experience, on average).
Behavioral Health Platform
Medical, Dental, Vision
Health Savings Account
Voluntary Hospital Indemnity (Critical Illness & Accident)
Voluntary Term Life Insurance
401K
Sick Pay (for applicable states/municipalities)
Commuter Benefits (Dallas, NYC, SF and Illinois)
Company
Genesis10
Information Technology and Services
H1B Sponsorship
Genesis10 has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; highlighted series represents job fields similar to this job]
Trends of Total Sponsorships
2025 (126)
2024 (68)
2023 (20)
2022 (2)
2021 (13)
2020 (29)
Funding
Current Stage
Late Stage (company data provided by Crunchbase)