Senior SOAR Engineer

Apavo Corporation


Job Location:

Arlington, TX - USA

Monthly Salary: Not Disclosed
Posted on: 23 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Senior SOAR Engineer

Location: Arlington, VA

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt


Apavo is at the forefront of cybersecurity, providing services to military defense and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.


Job Purpose:

The Senior SOAR Engineer supports a critical mission-focused role by designing, implementing, and optimizing Security Orchestration, Automation, and Response (SOAR) capabilities to enhance cyber defense operations. This role is responsible for leading the development of automated workflows, playbooks, and integrations that improve incident response efficiency, reduce analyst workload, and strengthen overall security posture. The Senior SOAR Engineer will collaborate closely with Security Operations Center (SOC) teams, threat intelligence, engineering, and system owners to ensure seamless integration of automation solutions within existing security architectures.


In this role, you are expected to provide senior-level technical expertise in automation strategy, orchestration design, and response optimization. The Senior SOAR Engineer will drive continuous improvement of incident response processes by aligning automation initiatives with industry best practices, federal security standards, and mission requirements. This includes ensuring automation frameworks support compliance obligations, enhance visibility across enterprise systems, and provide measurable operational impact while maintaining alignment with organizational cybersecurity objectives.


Duties & Responsibilities:

Senior SOAR Engineer responsibilities include, but are not limited to:

  • Serve as the primary architect and technical expert for SOAR technologies (e.g., Palo Alto XSOAR, Splunk SOAR, IBM SOAR, Microsoft Sentinel automation).
  • Lead design and development of new SOAR playbooks, integrations, automation, and workflows.
  • Maintain platform health, performance, scalability, and high availability.
  • Collaborate with cross-functional teams to translate business requirements into technical specifications.
  • Implement best practices for automation governance, version control, and deployment processes.
  • Mentor, support, and guide engineers through code reviews, technical discussions, and career development.
  • Build and optimize automated solutions for incident triage, enrichment, containment, remediation, and reporting.
  • Develop custom connectors and integrations via APIs, Python scripting, or vendor SDKs.
  • Identify repetitive SOC tasks and convert them into automation opportunities.
  • Ensure automations meet security, compliance, and operational requirements.
  • Enhance IR workflows with automated threat intelligence, vulnerability data, and detection signals.
  • Troubleshoot automation failures, workflow issues, and data ingestion problems.
  • Support major incident response activities by leveraging SOAR-driven orchestrations.
  • Other duties as assigned.

The Senior SOAR Engineer is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies.


Other:

This is typical office or administrative work, and there is no exposure to adverse environmental conditions.


This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.


Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination in regards to race, religion, age, color, sex, disability status, national origin, genetics, sexual orientation, protected veteran status, gender expression, gender identity, or any other characteristic protected under federal, state, and/or local laws.


Consistent with the Americans with Disabilities Act (ADA), it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact Apavo Human Resources at or


Employment with Apavo Corporation is on an at-will basis, meaning either you or the Company can terminate the employment relationship at any time, for any or no reason, and with or without cause or notice. As an at-will employee, your employment with Apavo Corporation is not guaranteed for any length of time.

Requirements

Qualifications:

  • Bachelor's degree in information technology, Cyber Security, or other related fields.
  • 8 years of professional experience in cybersecurity, with at least 5 years dedicated to SOAR engineering or automation, including 3 years working in a classified and air-gapped environment and 2 years in a technical leadership role.
  • DOD Top Secret clearance with the ability to obtain an SCI and CI Polygraph.
  • IAT III or higher-level certification required.
  • At least one of the following certifications: PCAP, PCPP, PCCSE, GCIH, GSOC, GMON, GCIA, GCDA, GCFA, or GCTI is preferred.
  • At least one platform-specific SOAR certification: XSOAR, Splunk, Sentinel is preferred.
  • Strong hands-on experience with at least one major SOAR platform (e.g., XSOAR, Splunk SOAR, IBM SOAR, Swimlane, Tines, Sentinel Logic Apps).
  • Proficiency in Python for automation and integrations.
  • Deep understanding of system architecture, data structures, and algorithms.
  • Strong understanding of SOC operations, detection engineering, and IR processes.
  • Experience working with REST APIs, webhooks, JSON, YAML, and automation frameworks.
  • Advanced troubleshooting and problem-solving across complex enterprise networks.
  • Knowledge of classified/unclassified government network requirements, NIST, DISA STIGs, and other cybersecurity frameworks.
  • Effective collaboration with cross-functional teams, including security, systems engineering, and program management.
  • Experience with multiple operating systems (Windows, Linux, and macOS).
  • Deep understanding of common security technologies (EDR, SIEM, firewalls, TIPs, IAM, cloud security).
  • Strong understanding of vulnerability requirements, system STIGing, RMF, and ATO life cycle best practices.
  • Familiarity with DevOps/GitOps tools (Git, CI/CD pipelines).
  • Familiarity with SIEM and SOAR solutions (XSOAR, Swimlane, Splunk, Cortex XDR, QRadar, etc.).
  • Experience with cloud platforms (AWS, Azure, GCP) and cloud automation.
  • Knowledge of scripting beyond Python (PowerShell, Bash).

Required Experience:

Senior IC


Key Skills

  • APIs
  • C/C++
  • Computer Graphics
  • Go
  • React
  • Redux
  • Node.js
  • AWS
  • Library Services
  • Assembly
  • GraphQL
  • High Voltage