Identity and Access Management (IAM) Engineer

Nashville, IN - USA

Monthly Salary: $ 121305 - 145385

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

We are UMG the Universal Music Group. We are the worlds leading music everything we do we are committed to artistry innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music music publishing merchandising and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters and we produce distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

We are currently seeking an IAM Engineer to join our global Tech Security team. The ideal candidate will have hands-on experience across the entire Identity & Access Management (IAM) stack with a strong focus on engineering automation and AI-driven optimization of identity services. This includes delivering and maintaining enterprise-grade solutions across Privileged Access Management (PAM) Identity Governance and Administration (IGA) Public Key Infrastructure(PKI) Directory Services Federation and more.

This role requires a combination of strong technical skills an automation-first mindset and the ability to work effectively with business stakeholders infrastructure partners and application teams.

Job Functions:

Engineer deploy and maintain IAM tools across the enterprise including CyberArk Ping DaVinci Microsoft EntraID (formerly Azure AD) HashiCorp Vault Digicert and Saviynt.

Lead and support the implementation and enhancement of IAM services including:
- SSO/Federation (SAML OIDC WS-Fed)
- MFA/Passwordless
- Privileged Access Management (PAM)
- Identity Governance (IGA)
- PKI and certificate lifecycle automation
- Directory services (AD EntraID)

Build automation scripts and integrations for IAM workflows using tools such as PowerShell Python or Terraform.

Design and implement access controls and policies that align with security and compliance standards (SOX GDPR etc.).

Evaluate and deploy AI-powered tools and methodologies to improve identity lifecycle efficiency risk detection and operational decision-making.

Participate in lifecycle management processes for accounts credentials roles and policies across systems and applications.

Collaborate with InfoSec Infrastructure and App teams to ensure secure identity architecture for on-prem and cloud environments.

Maintain high-quality documentation and architectural diagrams.

Monitor and report metrics on IAM system performance adoption and audit readiness.

Job Requirements:

Essential Qualifications

5 years of hands-on experience in IAM engineering roles

Deep technical expertise in one or more of the following: CyberArk Ping Identity Microsoft EntraID Saviynt HashiCorp Vault Digicert Onfido

Solid understanding of IAM protocols and standards: SAML OIDC OAuth2 LDAP Kerberos SCIM JIT

Experience with automation tools and scripting (e.g. PowerShell Python Terraform)

Familiarity with cloud platforms (Azure AWS GCP) and IAM integrations

Strong understanding of IAM-related compliance frameworks and controls (e.g. SOX ISO 27001 NIST)

Proven ability to work independently and cross-functionally in a global team

Strong troubleshooting documentation and communication skills

Desirable

Bachelors Degree in Computer Science Engineering or a related technical field

Professional certifications such as: CISSP Security Microsoft Certified: Identity and Access Administrator CyberArk Defender Ping Identity Certified Professional

Experience with AI/ML integration into IAM workflows or security analytics

Experience supporting IAM functions in media or entertainment industry environments

Experience working on a global team covering multiple timezones

Perks Playlist:

Join an entrepreneurial global organization where authenticity boldness creativity connection drive and insight arent just valuestheyre how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

Comprehensive medical dental and vision coverage
Including 100% coverage for out-patient in-network mental health services
Fertility coverage for eligible medical plan participants
Wellbeing reimbursements for fitness classes spa treatments meal services travel and so much more (up to $720/year)
Student Loan Repayment Assistance and Tuition Reimbursement
401(k) with 100% immediate vesting on the first 5% of your contributions plus an additional UMG contribution

A variety of ways to prioritize much-needed time away from work including:

Flexible Paid Time Off (PTO) for exempt employees
3-weeks PTO for non-exempt employees
2-weeks paid Winter Break
10 Company Holidays (including Juneteenth and Wellbeing Day)
Summer Fridays (between Memorial Day and Labor Day)
Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama Arizona Georgia Mississippi North Carolina South Carolina Tennessee and Utah.

For more information please click on the following links.

E-Verify Participation Poster:English / Spanish

E-Verify Right to Work Poster:EnglishSpanish

Job Category:

Technology

Salary Range:

$121305 - $145385

The actual base salary offered depends on a variety of factors which may include as applicable the qualifications of the individual applicant for the position years of relevant experience specific and unique skills level of education attained certifications or other professional licenses held and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.

Required Experience: