Mphasis

Sr Analyst - Cyber Security

3-5 Years
  • Posted 3 hours ago

Job Description

Splunk Developer - IAM/PAM Automation, API Integration and Telemetry

Position Overview

We are seeking an experienced Splunk Developer with a strong foundational understanding of Identity and Access Management (IAM) and Privileged Access Management (PAM) principles. This role will design and implement logging, alerting, automation, and observability capabilities supporting a large enterprise identity ecosystem.

The ideal candidate has experience integrating Splunk with IAM/PAM tools such as Microsoft Entra, ServiceNow, SailPoint, CyberArk, and Active Directory, and can leverage APIs to build automated workflows, alerts, dashboards, and data pipelines. This role will work closely with our PAM Architect, Power Automate developers, and Power BI developers to create a unified monitoring and automation capability for Tier 1 support operations.

Key Responsibilities

Splunk Engineering and Development

Design, build, and maintain Splunk dashboards, alerts, reports, searches (SPL), and data models supporting IAM/PAM workflows.

Develop advanced correlation searches for real-time monitoring of identity events, privileged access activity, and automation failures.

Implement Splunk indexes, sourcetypes, CIM mappings, and data onboarding pipelines for identity data sources.

Create dashboards enabling Tier 1 support to rapidly diagnose and resolve IAM/PAM incidents.

API Integration and Automation

Develop API-driven Splunk integrations with IAM/PAM systems, including:

Microsoft Entra ID Graph API

SailPoint IQ/IN

CyberArk REST APIs

ServiceNow

Active Directory / LDAP

Build event-driven automation and response workflows leveraging Splunk alerts, webhooks, or downstream automation platforms (e.g., Power Automate, ServiceNow workflows).

Support the development of end-to-end automated remediation pipelines for identity and privileged access events.

IAM/PAM Operational Support

Build telemetry and analytics that monitor key IAM/PAM workflows such as:

Access provisioning/deprovisioning

Privileged access requests

Password vaulting and rotation

Role management and user lifecycle events

Surface anomalies, exceptions, and long-running tasks through real-time monitoring and automated alerting.

Translate IAM business processes into automated or semi-automated detection and response workflows.

Telemetry, Metrics, and Observability

Partner with Power BI developers to build enterprise-grade observability dashboards, including:

Automation success/failure metrics

IAM request and SLA performance

Privileged access activity summaries

System health and integration reliability

Tier 1 automation impact and workload reduction

Develop Splunk-to-Power BI data pipelines or exports to support broader reporting initiatives.

Establish logging standards, event schemas, and health metrics for identity automation systems.

Collaboration and Continuous Improvement

Work closely with the PAM architect and automation teams to ensure monitoring coverage across all new workflows.

Assist in solution design, documentation, runbook creation, and operational readiness for support teams.

Continuously improve logging, alerting, automation, and monitoring to increase reliability and reduce manual effort.

Participate in troubleshooting, root cause analysis, and proactive system improvements.

Required Skills And Qualifications

3 plus years of experience as a Splunk Engineer/Developer in a large enterprise environment.

Strong understanding of IAM/PAM concepts including identity lifecycle, RBAC, privileged access governance, and service request workflows.

Experience integrating Splunk with at least two IAM/PAM platforms (e.g., Entra ID, CyberArk, SailPoint, ServiceNow, AD).

Expertise in SPL (Search Processing Language), dashboards, data models, and CIM compliance.

Hands-on experience with REST APIs, JSON, authentication tokens, and API-based integrations.

Ability to interpret operational identity processes and convert them into measurable, observable telemetry.

Strong analytical and problem-solving skills; able to translate complex system behavior into clear dashboards and alerts.

Preferred Qualifications

Experience in automation engineering or SOAR-style workflows.

Familiarity with Power BI, data pipelines, or similar reporting tools.

Knowledge of Python, PowerShell, or similar scripting languages.

Background in cybersecurity monitoring, SOC operations, or identity engineering.

Understanding of ServiceNow workflows, ITSM processes, and Integration Hub.

What Success Looks Like

IAM and PAM workflows are fully instrumented with high-quality telemetry and actionable alerts.

Splunk dashboards provide Tier 1 teams with clear, real-time visibility and rapid diagnostic capabilities.

Automated responses and API-driven integrations reduce manual workload and improve SLA performance.

Power BI dashboards and Splunk observability models deliver measurable operational insights.

Collaboration across identity engineering, automation teams, and reporting teams is seamless and productive.

Job ID: 145771593