Splunk SaaS/SOAR Engineer

Washington, Washington DC

IBM
Introduction

A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation for success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your role and responsibilities

Duties:

• Design, deploy, and manage the Splunk SaaS platform, including data ingestion, search optimization, and dashboard creation.

• Implement SOAR solutions to automate incident response tasks, integrating with other security tools.

• Develop custom playbooks, rules, and alerts to enhance threat detection and response efficiency.

• Perform continuous tuning and optimization of Splunk SaaS and SOAR systems to improve performance and security posture.

• Work closely with SOC teams to define automation use cases and integrate solutions that enhance security operations.

• Provide troubleshooting and technical support for Splunk SaaS and SOAR-related issues.

• Create and maintain comprehensive documentation for Splunk SaaS configurations, SOAR playbooks, and related workflows.

Required technical and professional expertise

• CISSP or equivalent certification.

• Splunk administration, including designing, configuring, and maintaining the platform.

• Experience with SOAR platforms (e.g., Splunk Phantom, Demisto, or others) and automation of security workflows.

• Strong scripting skills (Python, Bash, PowerShell, etc.) for developing custom automation and integration solutions.

• Familiarity with SIEM tools and integration of security data sources.

• Ability to obtain and maintain a security clearance from the US federal government.

Preferred technical and professional experience

• Splunk Certifications

• Experience in cloud security tools and platforms (AWS, Azure, etc.).

• Prior experience with government security frameworks, such as FedRAMP or NIST.

• Knowledge of machine learning techniques for use in security analytics.

• Splunk certifications (Splunk Certified Admin, Splunk Certified Architect).

• Experience with threat intelligence tools and their integration into SOAR solutions.

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Date Posted: 26 March 2025