SOAR Automation Engineer

About the position Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments. This SOAR Automation Engineer role supports a large U.S. federal agency by designing, implementing, and scaling security automation capabilities across a complex enterprise environment. The role is centered on Splunk Phantom (Splunk SOAR) and focuses on automating security operations, improving response and investigation workflows, and integrating AI-enabled enrichment using Azure AI services where appropriate. This is a hands-on technical role with strategic influence, combining deep engineering work with ownership of automation design and continuous improvement across SOC workflows. This is a W2 contract, fully remote (CONUS only) role, supporting a large federal agency. Prior federal contracting experience is preferred. U.S. Citizenship or Permanent Residency is required. Responsibilities • Design, build, and maintain SOAR automation using Splunk Phantom • Develop and enhance automated playbooks to support detection, response, and investigation workflows • Integrate SOAR with SIEM, security tools, cloud platforms, and on-prem systems • Apply AI-enabled enrichment and decision support using Azure AI services • Lead automation design decisions and guide SOC teams on effective SOAR usage • Improve dashboards, metrics, and operational visibility tied to automated workflows • Collaborate with security analysts, engineers, and stakeholders to identify automation opportunities • Operationalize and scale automation across the security lifecycle • Ensure reliability, maintainability, and documentation of automation solutions Requirements • 4+ years of experience building and supporting SOAR / security automation solutions in enterprise environments • Hands-on experience with Splunk Phantom (Splunk SOAR) • Strong background in security workflow automation and playbook development • Experience integrating cloud and on-premise systems via APIs • Working familiarity with Azure AI services and applied AI use cases in cybersecurity • Strong problem-solving and analytical skills • Ability to collaborate across technical and non-technical teams • Excellent written and verbal communication skills • Bachelor’s degree in a cyber-related field or equivalent experience/certifications Nice-to-haves • Federal cybersecurity environments • SOC operations and incident response workflows • Python or scripting for automation • SIEM integration (Splunk Enterprise / Splunk ES) • Familiarity with NIST cybersecurity frameworks Benefits • Insurance – health, dental, and vision • Paid Time Off (PTO) and 11 Federal Holidays • 401(k) employer match Apply tot his job