Vidorra Consulting Group

SOAR (Phantom) Developer

⭐ - Featured Role
This role is for a SOAR (Phantom) Developer; the contract length and hourly pay rate are not stated in the posting. Key skills include 5+ years of Splunk Enterprise experience, 2+ years of SOAR development, proficiency in Python, and relevant Splunk certifications.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
Unknown
-
🗓️ - Date
January 14, 2026
🕒 - Duration
Unknown
-
🏝️ - Location
Unknown
-
📄 - Contract
Unknown
-
🔒 - Security
Unknown
-
📍 - Location detailed
Baltimore, MD
-
🧠 - Skills detailed
#Data Ingestion #GIT #JSON (JavaScript Object Notation) #Security #DevOps #XML (eXtensible Markup Language) #Programming #Linux #REST (Representational State Transfer) #Data Management #Compliance #Kubernetes #Cybersecurity #Containers #Scripting #Docker #Automation #Version Control #Indexing #SQL (Structured Query Language) #Python #Normalization #Splunk #API (Application Programming Interface) #Bash #REST API #"ETL (Extract #Transform #Load)" #Redis
Role description
Role Descriptions:

SOAR Development and Automation
Design, develop, and maintain playbooks in Splunk SOAR (Phantom).
Automate SOC workflows and integrate SOAR with IT/security systems, ticketing platforms, and threat intelligence feeds.
Refine and optimize automation for speed, efficiency, and accuracy.

Splunk Engineering and Maintenance
Administer and optimize Splunk Enterprise across distributed environments.
Apply Splunk best practices for indexing, data models, knowledge objects, and search performance.
Monitor Splunk health, scaling, and redundancy.

Data Management and Integration
Manage data ingestion pipelines using Cribl for routing, filtering, and transformation.
Use Redis for caching, enrichment, and high-speed data lookups in automation workflows.
Develop SQL-based integrations for correlation, enrichment, and reporting.
Ensure seamless integration of APIs, third-party tools, and security services into Splunk and SOAR.

Security and IT Collaboration
Align Splunk and SOAR capabilities with SOC detection and response requirements.
Apply security and IT architecture patterns (event-driven workflows, identity management, log aggregation).

Essential Skills
Splunk: 5+ years of Splunk Enterprise experience with multi-TB daily ingest; advanced knowledge of SPL, search optimization, and knowledge object management.
SOAR development: a minimum of 2 years of hands-on Splunk SOAR (Phantom) development, with experience designing and deploying playbooks.
Data management and integration: proficiency with Cribl, Redis, and SQL for the management, ingestion, enrichment, and correlation of data. Experience integrating with REST APIs, including handling authentication (OAuth and API keys).
Scripting and programming: strong knowledge of Python, including JSON and XML parsing, API requests, and regular expressions; familiarity with PowerShell and Bash is a plus.
Solid grasp of cyber SOC operations and cybersecurity fundamentals.
Proficiency in Unix/Linux administration, network topology, and authentication systems.
Ability to map MITRE ATT&CK tactics and techniques to playbook design and development.
Understanding of code repositories and version control (Git).
Splunk Certified Admin and SOAR Developer certifications.

Nice to have(s)
Threat intelligence integration such as TAXII, MISP, and Recorded Future.
Understanding of the data life cycle (compliance, retention policies, normalization).
Previous experience upgrading Splunk Enterprise.
Experience with Splunk MLTK, UBA, and ITSI.
Familiarity with DevOps containers (Docker, Kubernetes).
Knowledge of the Zero Trust framework.