Senior Cyber Security Engineer, SOAR (Remote)

Job Summary

We are seeking a Senior Cybersecurity Engineer to lead the management and advancement of our Splunk SOAR (Security Orchestration, Automation, and Response) platform. In this role, you will design, implement, and maintain automated workflows to enhance threat detection, investigation, and incident response across the CHS environment. As a key member of the SOC, you will drive automation innovation to strengthen CHS's proactive security posture. Additionally, you will provide secondary support for Splunk SIEM activities, such as Detection Engineering. You will be responsible for integrating diverse data sources to enrich alerts, developing and optimizing playbooks for automated investigations, managing the end-to-end case management lifecycle, and maintaining integrations between CHS and our Managed Security Services Provider (MSSP). This role also involves partnering with internal stakeholders to streamline security operations and ensure a proactive security posture.

As a Senior Cybersecurity Engineer, you are expected to have advanced knowledge in the responsibilities listed below, gained through both education and extensive work experience. You can be trusted to work independently with limited supervision, and can help define best practices and strategy for your areas of responsibility. You can train lower level professionals, and can effectively coach.

Essential Functions

• Design well-structured, reusable playbooks with proper version control and collaboration workflows.

• Integrate threat intelligence feeds and maintain integrations between Splunk SOAR and external systems, including Managed Security Services Provider (MSSP) tools.

• Automate enrichment of alerts with contextual data to improve investigation speed and quality.

• Automate repetitive incident response tasks to accelerate triage and reduce analyst fatigue.

• Provide secondary support to the SIEM and Detection Engineering team by assisting with alert tuning, data onboarding, correlation logic, and maintaining detection rule integrity.

• Develop a standardized process for onboarding and validating new data sources and tools.

• Securely manage and maintain custom apps, scripts, and integrations used within SOAR.

• Implement strict security controls across the SOAR environment, including access management, encryption, and credential protection.

• Define, document, and prioritize actionable, high-impact use cases for automation.

• Automatically document actions taken during incidents for compliance, audit, and retrospective analysis.

• Regularly gather feedback from analysts to refine playbooks and improve automation relevance.

• Ensure SOAR workflows comply with healthcare regulations.

• Mentor SOC, SIEM, and SOAR staff on best practices and automation techniques.

• Track and report key metrics such as MTTR, playbook usage, and alert volume to demonstrate value.

Qualifications

• Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or related field

• 5+ years of cybersecurity experience

• 3+ years working in SIEM, SOAR, Case Management, and Incident Response tools

• Activities:

• Proven experience in Splunk SIEM, Splunk SOAR, Automation/Orchestration, Database/Storage Knowledge, Documentation and Reporting, Threat Intelligence Integration, and Incident Response Tools

• Demonstrated proficiency with Python, PowerShell, Bash, API/RESTful Services, MITRE ATT&CK, MITRE D3FEND, and MIRE Engage

• Familiarity with network and cloud security platforms: Splunk, EDR, Email, Firewall, Vulnerability, Networking, and Cloud tools

• Preferred:

• DevOps and Engineering

• Version Control

• Experience building and deploying automation through CI/CD pipelines

• Containerization/Cloud: Basic knowledge of Docker, Kubernetes, or GCP for platform deployment or integration

Licenses and Certifications (Preferred)

• Splunk SOAR Certified Automation Developer, Splunk Certified Cybersecurity Defense Analyst, Splunk Certified Cybersecurity Defense Engineer, Splunk Enterprise Security Certified Admin, SANS SEC598, SANS SEC555, CISSP

Equal Employment Opportunity

This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility to which you are seeking employment; Simply go to to obtain the main telephone number of the facility and ask for Human Resources.