CyberSecurity/SOAR Developer

Job Description


We are not just offering a job but a meaningful career! Come join our passionate team!

As a Fortune 50 company, we hire the best employees to serve our customers, making us a leader in the insurance and financial services industry. State Farm embraces diversity and inclusion to ensure a workforce that is engaged, builds on the strengths and talents of all associates, and creates a Good Neighbor culture.

We offer competitive benefits and pay with the potential for an annual financial award based on both individual and enterprise performance. Our employees have an opportunity to participate in volunteer events within the community and engage in a learning culture. We offer programs to assist with tuition reimbursement, professional designations, employee development, wellness initiatives, and more!

Visit our Careers page for more information on our benefitslocations and the process of joining the State Farm team!


This opening is for a Developer on the Self-Defending Infrastructure (SDI) team within the CyberSecurity Defense Center. This team owns the Splunk Phantom platform which helps protects State Farm from cyber events/incidents through Security Automation, Orchestration and Remediation (SOAR). The team has three primary goals: 1) Support and deliver a fully automated self-service SOAR platform, 2) Grow automation knowledge and skills across the Information Security department and 3) Provide on-going consulting for consumers of the platform.

The platform is designed to make automation easy for consumers through a drag and drop interface. It also takes advantage of a strong marketplace for vendor developed and open source applet for integration with other security solutions. The applets and automation actions are python driven. The most qualified analysts approach software development with security as a core principle, have solid python skills, work well in a team environment and are passionate about learning.

How You’ll Make an Impact:

  • Build tools to assist with the automation of common analysts tasks such as threat intelligence lookups, malware analysis, reporting and sample analysis.
  • Build tools to assist with the automation of large datasets and platform automation (SIEM etc.).
  • Build tools to support CyberSecurity initiatives such as threat hunting, behavioral analytic and other advanced analysis.


  • Partner closely with members of the CyberSecurity Defense Center to identify, design and integrate automated response solutions across multiple security tools/technologies
  • Utilizes secure coding practices as a guiding principle in all application development
  • Applies an expert understanding of development tools, processes, applications, programming languages and environments to assignments
  • Enables solution modernization activities through design and development related work items
  • Analyze existing workflows to identify and prioritize automation opportunities
  • Provides highest level of support for problem and issue resolution
  • Champion and provide guidance with an innovative mind set to deliver product solutions
  • Conducts research and integrates industry best practices into processes and potential solutions
  • Drives required product testing practices and solutions to ensure product quality
  • Practical experience with agile methodologies and continuous integration environments


Required Skills:

  • Having an automation mindset with the ability to influence others on the power of automation
  • Experience utilizing continuous integration/development (CI/CD) tools (Git Lab, pipelines) to manage and deliver software changes
  • Ability to design, code, and deploy software and security solutions
  • Proficient in Python and usage of common libraries to build solutions
  • Experience with other coding languages such as Python, SQL, PowerShell, bash, etc.
  • Strong oral and written communication skills with the ability to communicate complex, technical knowledge
  • Strong understanding of secure API integration techniques
  • Understanding of Flask, State Farm’s Container as a Service (CaaS) infrastructure, Docker and Kubernetes
  • Participation in peer reviews of code and providing feedback/enhancement recommendations
  • Ability to understand/support/enhance existing Python solutions running on Splunk Phantom platform

Desired Skills:

  • Working knowledge of Splunk Phantom or other Security Orchestration, Automation and Remediation (SOAR) platforms
  • Experience using Elasticsearch, Logstash, Kibana (ELK stack) for integration, troubleshooting and dashboarding
  • Desire to grow cloud knowledge with a focus on AWS and Azure
  • Security-related degree or certification
  • Advanced knowledge of cyber security concepts
  • Technical investigation skills and/or experience

****Applicants are required to be eligible to lawfully work in the U.S. immediately; employer will not sponsor applicants for U.S. work authorization (e.g. H-1B visa) for this opportunity*****

More Information

Apply for this job

Leave your thoughts