Job Description
About the position Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments. This SOAR Automation Engineer role supports a large U.S. federal agency by designing, implementing, and scaling security automation capabilities across a complex enterprise environment. The role is centered on Splunk Phantom (Splunk SOAR) and focuses on automating security operations, improving response and investigation workflows, and integrating AI-enabled enrichment using Azure AI services where appropriate.
This is a hands-on technical role with strategic influence, combining deep engineering work with ownership of automation design and continuous improvement across SOC workflows. This is a W2 contract, fully remote (CONUS only) role, supporting a large federal agency. Prior federal contracting experience is preferred. U.S. Citizenship or Permanent Residency is required. Responsibilities β’ Design, build, and maintain SOAR automation using Splunk Phantom β’ Develop and enhance automated playbooks to support detection, response, and investigation workflows β’ Integrate SOAR with SIEM, security tools, cloud platforms, and on-prem systems β’ Apply AI-enabled enrichment and decision support using Azure AI services β’ Lead automation design decisions and guide SOC teams on effective SOAR usage β’ Improve dashboards, metrics, and operational visibility tied to automated workflows β’ Collaborate with security analysts, engineers, and stakeholders to identify automation opportunities β’ Operationalize and scale automation across the security lifecycle β’ Ensure reliability, maintainability, and documentation of automation solutions Requirements β’ 4+ years of experience building and supporting SOAR / security automation solutions in enterprise environments β’ Hands-on experience with Splunk Phantom (Splunk SOAR) β’ Strong background in security workflow automation and playbook development β’ Experience integrating cloud and on-premise systems via APIs β’ Working familiarity with Azure AI services and applied AI use cases in cybersecurity β’ Strong problem-solving and analytical skills β’ Ability to collaborate across technical and non-technical teams β’ Excellent written and verbal communication skills β’ Bachelorβs degree in a cyber-related field or equivalent experience/certifications Nice-to-haves β’ Federal cybersecurity environments β’ SOC operations and incident response workflows β’ Python or scripting for automation β’ SIEM integration (Splunk Enterprise / Splunk ES) β’ Familiarity with NIST cybersecurity frameworks Benefits β’ Insurance β health, dental, and vision β’ Paid Time Off (PTO) and 11 Federal Holidays β’ 401(k) employer match Apply tot his job