The Opportunity:
Support a mature Security Operations Center by engineering, automating, and optimizing incident response capabilities across the enterprise. Design, implement, and maintain Splunk SOAR playbooks to streamline analyst workflows, reduce manual effort, and improve response consistency. Develop and maintain phishing automation pipelines using Cofense Triage and Splunk SOAR, ensuring rapid triage, enrichment, and disposition of email‑based threats. Provide cybersecurity architecture and engineering support across initiatives such as Zero‑Trust, TIC 3.0, endpoint detection and response (EDR), and secure access service edge (SASE), contributing to the design and enhancement of enterprise security controls. Collaborate closely with SOC analysts, IR teams, and security architects to strengthen detection, response, and automation capabilities while advancing the organization’s overall security posture.
You Have:
2+ years of experience in cybersecurity engineering, incident response, or SOC support, including with Splunk automation, orchestration, or security tooling
Experience implementing or maintaining SOAR playbooks
Experience with Splunk Enterprise Security for development of detection analytics
Experience engineering, optimizing, and supporting phishing analysis or automation workflows
Experience with enterprise security technologies, such as EDR, SIEM, firewalls, or identity security platforms
Knowledge of incident response processes, including triage, enrichment, containment, and documentation
Knowledge of Zero Trust principles, TIC 3.0 concepts, or modern security architecture frameworks
Ability to write clear technical documentation, playbooks, and engineering procedures for SOC and IR teams
Ability to collaborate with analysts, engineers, and leadership
Public Trust
Bachelor's degree
Nice If You Have:
Experience with Splunk Enterprise data onboarding, correlation searches, and dashboard development
Experience with SASE architecture, secure remote access, or cloud-based security controls
Experience with automation scripting, such as Python, PowerShell, or Bash, to support SOAR or IR workflows
Knowledge of threat intelligence enrichment, indicator management, and automated response logic
Knowledge of NIST 800 61, MITRE ATT&CK, or other IR frameworks
Possession of excellent oral and written communication skills
Splunk SOAR Certified Automation Developer, Splunk Core Certified Power User or Admin, CySA+, GIAC Certified Incident Handler (GCIH), or CISSP Certification
Vetting:
Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client; Public Trust determination is required.
Compensation
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.
Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $69,400.00 to $158,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.Identity Statement
As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.