IAM Engineer

Music is Universal

Its the passionate and dedicated team at Universal Music who help make us the worlds leading music company. From A&R to finance legal to digital sales to marketing Universal Music is the place to grow and develop your career within a truly commercial and innovative business that leads in everything it does.

Everyone is welcome to apply for our roles and we are determined to ensure that no applicant or employee receives less favourable treatment because of gender race disability sexual orientation religion belief age marital status background pregnancy or caring responsibilities. We also recognise the importance of diversity of thought within our teams and are fully committed to embracing the talents of people with autism dyslexia ADHD and other forms of neurocognitive variation.

We will always seek to make appropriate adjustments to recruitment workplaces and work processes to be fully inclusive to people with different needs and working styles. If you need us to make any reasonable adjustments for you from application onwards including alternatives to the online form or to disclose a neurocognitive condition please email

Job Summary:

We are UMG the Universal Music Group. We are the worlds leading music everything we do we are committed to artistry innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music music publishing merchandising and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters and we produce distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

We are currently seeking an IAM Engineer to join our global Tech Security team. The ideal candidate will have hands-on experience across the entire Identity & Access Management (IAM) stack with a strong focus on engineering automation and AI-driven optimization of identity services. This includes delivering and maintaining enterprise-grade solutions across Privileged Access Management (PAM) Identity Governance and Administration (IGA) Public Key Infrastructure(PKI) Directory Services Federation and more. This role requires a combination of strong technical skills an automation-first mindset and the ability to work effectively with business stakeholders infrastructure partners and application teams.

Fob Functions:

• Engineer deploy and maintain IAM tools across the enterprise including CyberArk Ping DaVinci Microsoft EntraID (formerly Azure AD) HashiCorp Vault Digicert and Saviynt.

• Lead and support the implementation and enhancement of IAM services including: - SSO/Federation (SAML OIDC WS-Fed) - MFA/Passwordless - Privileged Access Management (PAM) - Identity Governance (IGA) - PKI and certificate lifecycle automation - Directory services (AD EntraID).

• Build automation scripts and integrations for IAM workflows using tools such as PowerShell Python or Terraform.

• Design and implement access controls and policies that align with security and compliance standards (SOX GDPR etc.).

• Evaluate and deploy AI-powered tools and methodologies to improve identity lifecycle efficiency risk detection and operational decision-making.

• Participate in lifecycle management processes for accounts credentials roles and policies across systems and applications.

• Collaborate with InfoSec Infrastructure and App teams to ensure secure identity architecture for on-prem and cloud environments.

• Maintain high-quality documentation and architectural diagrams.

• Monitor and report metrics on IAM system performance adoption and audit readiness.

Job Requirements:

Essential Qualifications

• 5 years of hands-on experience in IAM engineering roles.

• Deep technical expertise in one or more of the following: CyberArk Ping Identity Microsoft EntraID Saviynt HashiCorp Vault Digicert Onfido.

• Solid understanding of IAM protocols and standards: SAML OIDC OAuth2 LDAP Kerberos SCIM JIT.

• Experience with automation tools and scripting (e.g. PowerShell Python Terraform).

• Familiarity with cloud platforms (Azure AWS GCP) and IAM integrations.

• Strong understanding of IAM-related compliance frameworks and controls (e.g. SOX ISO 27001 NIST).

• Proven ability to work independently and cross-functionally in a global team.

• Strong troubleshooting documentation and communication skills.

Desirable

• Bachelors Degree in Computer Science Engineering or a related technical field.

• Professional certifications such as: CISSP Security Microsoft Certified: Identity and Access Administrator CyberArk Defender Ping Identity Certified Professional.

• Experience with AI/ML integration into IAM workflows or security analytics.

• Experience supporting IAM functions in media or entertainment industry environments.

• Experience working on a global team covering multiple timezones.

Just So You Know

The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable. However the business operates in an environment that demands change and the jobholders specific responsibilities and activities will vary and develop. Therefore the job description should be seen as indicative and not as a permanent definitive and exhaustive statement.

Job Category: