Senior Splunk Developer - Cyber Security (IAM & PAM Automation and API Integration)

Lead Infrastr Engineer

Splunk Developer   IAM  PAM Automation, API Integration and Telemetry

Job Description

Position Overview
We are seeking an experienced Splunk Developer with a strong foundational understanding of Identity and Access Management  IAM   and Privileged Access Management  PAM   principles. This role will design and implement logging, ing, automation, and observability capabilities supporting a large enterprise identity ecosystem.

The ideal candidate has experience integrating Splunk with IAM  PAM tools such as Microsoft Entra, ServiceNow, SailPoint, CyberArk, and Active Directory, and can leverage APIs to build automated workflows, s, dashboards, and data pipelines. This role will work closely with our PAM Architect, Power Automate developers, and Power BI developers to create a unified monitoring and automation capability for Tier 1 support operations.

Key Responsibilities

Splunk Engineering  and  Development

Design, build, and maintain Splunk dashboards, s, reports, searches  SPL  , and data models supporting IAM  PAM workflows.

Develop advanced correlation searches for real  time monitoring of identity events, privileged access activity, and automation failures.

Implement Splunk indexes, sourcetypes, CIM mappings, and data onboarding pipelines for identity data sources.

Create dashboards enabling Tier 1 support to rapidly diagnose and resolve IAM  PAM incidents.

API Integration  and  Automation

Develop API  driven Splunk integrations with IAM  PAM systems, including:

Microsoft Entra ID  Graph API 

SailPoint  IQ  IN 

CyberArk REST APIs

ServiceNow

Active Directory    LDAP

Build event  driven automation and response workflows leveraging Splunk s, webhooks, or downstream automation platforms  e.g., Power Automate, ServiceNow workflows  .

Support the development of end  to  end automated remediation pipelines for identity and privileged access events.

IAM  PAM Operational Support

Build telemetry and analytics that monitor key IAM  PAM workflows such as:

Access provisioning  deprovisioning

Privileged access requests

Password vaulting and rotation

Role management and user lifecycle events

Surface anomalies, exceptions, and long  running tasks through real  time monitoring and automated ing.

Translate IAM business processes into automated or semi  automated detection and response workflows.

Telemetry, Metrics, and Observability

Partner with Power BI developers to build enterprise  grade observability dashboards, including:

Automation success  failure metrics

IAM request and SLA performance

Privileged access activity summaries

System health and integration reliability

Tier 1 automation impact and workload reduction

Develop Splunk  to  Power BI data pipelines or exports to support broader reporting initiatives.

Establish logging standards, event schemas, and health metrics for identity automation systems.

Collaboration  and  Continuous Improvement

Work closely with the PAM architect and automation teams to ensure monitoring coverage across all new workflows.

Assist in solution design, documentation, runbook creation, and operational readiness for support teams.

Continuously improve logging, ing, automation, and monitoring to increase reliability and reduce manual effort.

Participate in troubleshooting, root cause analysis, and proactive system improvements.

Required Skills  and  Qualifications

3 plus  years of experience as a Splunk Engineer  Developer in a large enterprise environment.

Strong understanding of IAM  PAM concepts including identity lifecycle, RBAC, privileged access governance, and service request workflows.

Experience integrating Splunk with at least two IAM  PAM platforms  e.g., Entra ID, CyberArk, SailPoint, ServiceNow, AD  .

Expertise in SPL  Search Processing Language  , dashboards, data models, and CIM compliance.

Hands  on experience with REST APIs, JSON, authentication tokens, and API  based integrations.

Ability to interpret operational identity processes and convert them into measurable, observable telemetry.

Strong analytical and problem  solving skills; able to translate complex system behavior into clear dashboards and s.

Preferred Qualifications

Experience in automation engineering or SOAR  style workflows.

Familiarity with Power BI, data pipelines, or similar reporting tools.

Knowledge of Python, PowerShell, or similar scripting languages.

Background in cybersecurity monitoring, SOC operations, or identity engineering.

Understanding of ServiceNow workflows, ITSM processes, and Integration Hub.

What Success Looks Like

IAM and PAM workflows are fully instrumented with high  quality telemetry and actionable s.

Splunk dashboards provide Tier 1 teams with clear, real  time visibility and rapid diagnostic capabilities.

Automated responses and API  driven integrations reduce manual workload and improve SLA performance.

Power BI dashboards and Splunk observability models deliver measurable operational insights.

Collaboration across identity engineering, automation teams, and reporting teams is seamless and productive.