Position Description
We are seeking a highly skilled and motivated Cybersecurity Operations Automation Specialist to join our GSOC Security Technology Operations team. In this role, you will be responsible for designing, developing, deploying, and maintaining automation workflows using Splunk SOAR (formerly Phantom) to enhance incident response, threat intelligence, and security operations.
You will collaborate closely with SOC analysts, Threat Intel, and detection engineering teams to streamline security processes and enable rapid, consistent, and effective threat mitigation.
This position requires strong technical expertise in security operations, scripting and automation, and deep hands-on experience with Splunk SOAR or other similar SOAR platforms.
Your future duties and responsibilities
- Design, develop, and maintain Splunk SOAR playbooks to automate SOC processes
- Integrate Splunk SOAR with various security tools and data sources such as SIEMs, EDRs, threat intelligence platforms, and ticketing systems.
- Collaborate with GSOC and IR teams to understand operational needs and convert them into automation use cases.
- Optimize and troubleshoot playbook performance and connector configurations.
- Implement and enforce security best practices and operational procedures within the SOAR platform.
- Assist in the creation of documentation, user guides, and training material for playbook usage and SOAR operations.
- Conduct regular reviews of playbook performance and suggest improvements based on KPIs and incident handling feedback.
Required qualifications to be successful in this role
- 5 to 8+ years of experience in cybersecurity, preferably in a SOC or incident response environment.
- 4+ years of hands-on experience working with Splunk SOAR (Phantom) including playbook development and administration.
- Proficiency in Python scripting and REST APIs for automation tasks and integrations.
- Strong knowledge of security tools and technologies (e.g., SIEM, EDR, firewalls, threat intel, vulnerability management).
- Experience with Splunk ES or similar SIEM platforms.
- Familiarity with MITRE ATT&CK, threat modeling, and incident response workflows.
Professional Skills:
- Strong analytical and problem-solving skills.
- Excellent communication skills and ability to work collaboratively with cross-functional teams.
- Detail-oriented with a focus on automation quality and operational efficiency.
- Experience in agile or DevSecOps environments is a plus.
Preferred Certifications (not mandatory):
- Splunk SOAR Certified Automation Developer
- Splunk Core Certified Power User / Admin
- GIAC Certified Incident Handler (GCIH), CEH, or similar certifications
#LI-AB19
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Come join our team—one of the largest IT and business consulting services firms in the world.
