Security Engineer - Splunk Engineer - SOAR (m/f/d) REMOTE
Barcelona, B, ES, 08022
Syntax is a leading Managed Cloud Provider for Mission Critical Enterprise Applications and has been providing comprehensive technology solutions to businesses of all sizes since 1972. Syntax has undisputed strength to implement and manage ERP deployments (Oracle, SAP) in a secure and resilient private, public or hybrid cloud. With strong technical and functional consulting services, and world-class monitoring and automation, Syntax serves some of North America’s largest corporations across a diverse range of industries. Syntax has offices worldwide, and partners with Oracle, SAP, AWS, Microsoft, IBM and other global technology leaders.
Position Summary: We are seeking a Junior to Mid-Level Security Engineer with a specialization in Splunk SOAR to join our team. The role calls for a highly skilled and motivated engineer with Splunk SOAR experience to lead the engineering, development, and optimization of our Splunk SOAR platform. This individual will serve as the technical subject matter expert responsible for integrating, automating, and orchestrating security operations processes to enhance our detection, response, and remediation capabilities. The ideal candidate has strong experience in security automation, Python scripting, and hands-on knowledge of security tools and APIs.
In this technical role, you will be an integral part of a globally distributed team responsible for managing and advancing our Splunk environment. The ideal candidate is proactive, organized, and detail-oriented, with a strong desire to learn and solve complex challenges independently and in a team. You will be the Splunk SOAR SME and will also contribute to the overall success of the Splunk Enterprise/Enterprise Security deployment.
Primary Responsibilities:
· Serve as the primary SME for all aspects of Splunk SOAR, including design, implementation, maintenance, and troubleshooting.
· Develop and maintain SOAR playbooks to automate repetitive security operations tasks and incident response workflows.
· Integrate Splunk SOAR with various third-party security technologies (e.g., CrowdStrike, Cisco, Qualys, Cloudflare, ServiceNow).
· Collaborate with SOC, threat intel, and engineering teams to identify automation use cases.
· Maintain documentation for playbooks, integrations, and workflows.
· Ensure reliability, performance, and scalability of the SOAR platform.
· Lead troubleshooting and root cause analysis for failed playbook executions and integrations.
· Support operational teams during security incidents by improving playbooks and implementing real-time automations.
· Evaluate and implement best practices for data handling, enrichment, and alert triage within the SOAR framework.
Ideal Candidate Attributes:
· Attention to detail and a methodical approach to problem solving.
· Strong organizational skills and ability to manage multiple ongoing tasks.
· Eagerness to self-educate, research new technologies, and apply knowledge to real-world challenges.
· Comfortable working both independently and collaboratively in a global team.
Required Qualifications:
· 3+ years of hands-on experience with Splunk SOAR (formerly Phantom) in an enterprise environment.
· Strong Python development experience (required for playbook and app development).
· Proven experience integrating SOAR with security tools using REST APIs, Python modules, or app connectors.
· Solid understanding of incident response workflows, security event triage, and automation best practices.
· Deep knowledge of common security tools and platforms (EDR, SIEM, IDS/IPS, vulnerability scanners, etc.).
· Experience with Splunk Core and Enterprise Security (basic familiarity at minimum).
· Strong analytical and troubleshooting skills.
· Excellent proficiency in English, both written and verbal.
· Self-starter with a strong sense of ownership and accountability.
· Ability to work effectively with minimal supervision.
· Project-oriented mindset with a consistent, organized work approach.
Preferred Qualifications:
· Splunk SOAR Certified Automation Developer (or equivalent certification).
· Experience with version control (Git) and CI/CD for playbook deployments.
· Familiarity with JSON, XML, and structured data manipulation.
· Experience working in MSP/MSSP or multi-tenant environments.
· Experience with ITSM tools like ServiceNow.
Why Join Us?
· A collaborative and security-minded engineering team
· Opportunities for growth and technical advancement
· Flexible work arrangements
· Support for certification and continuing education
· Clear paths for growth and advancement as you develop your skills and expertise.
Benefits
- Flexible hours: Monday to Thursday 8h, and Fridays 6h. In addition, we have an intensive timetable for the whole month of August and the first half of September. 28 days holiday (23 days holiday + 4 days at Christmas from 15 December to 15 January + 1 day for your birthday)!
- Windows laptop for work (Dell or Lenovo)!
- Apple or Android smartphone: you choose!
- Two lovely offices with a nice garden to relax and have a coffee
- Free coffee and soft drinks
- Kitchen facilities
- Medical insurance with Sanitas
- Training: Free AWS and SAP certifications, internal workshops and free access to LinkedIn E-learning
- Free online English, German, Spanish or French classes through a platform
- Online Canteen 2.0
If you are passionate about technology, eager to learn, and ready to take on new challenges, we’d love to hear from you!