Identity and Access Management (IAM) Engineer

We are currently seeking an IAM Engineer to join our global Tech Security team. The ideal candidate will have hands-on experience across the entire Identity & Access Management (IAM) stack, with a strong focus on engineering, automation, and AI-driven optimization of identity services. This includes delivering and maintaining enterprise-grade solutions across Privileged Access Management (PAM), Identity Governance and Administration (IGA), Public Key Infrastructure(PKI), Directory Services, Federation, and more.

This role requires a combination of strong technical skills, an automation-first mindset, and the ability to work effectively with business stakeholders, infrastructure partners, and application teams.

Job Functions:

• Engineer, deploy, and maintain IAM tools across the enterprise including CyberArk, Ping DaVinci, Microsoft EntraID (formerly Azure AD), HashiCorp Vault, Digicert, and Saviynt.
• Lead and support the implementation and enhancement of IAM services including:
• SSO/Federation (SAML, OIDC, WS-Fed)
• MFA/Passwordless
• Privileged Access Management (PAM)
• Identity Governance (IGA)
• PKI and certificate lifecycle automation
• Directory services (AD, EntraID)
• Build automation scripts and integrations for IAM workflows using tools such as PowerShell, Python, or Terraform.
• Design and implement access controls and policies that align with security and compliance standards (SOX, GDPR, etc.).
• Evaluate and deploy AI-powered tools and methodologies to improve identity lifecycle efficiency, risk detection, and operational decision-making.
• Participate in lifecycle management processes for accounts, credentials, roles, and policies across systems and applications.
• Collaborate with InfoSec, Infrastructure, and App teams to ensure secure identity architecture for on-prem and cloud environments.
• Maintain high-quality documentation and architectural diagrams.
• Monitor and report metrics on IAM system performance, adoption, and audit readiness.

Job Requirements:

Essential Qualifications

• 5+ years of hands-on experience in IAM engineering roles
• Deep technical expertise in one or more of the following: CyberArk, Ping Identity, Microsoft EntraID, Saviynt, HashiCorp Vault, Digicert, Onfido
• Solid understanding of IAM protocols and standards: SAML, OIDC, OAuth2, LDAP, Kerberos, SCIM, JIT
• Experience with automation tools and scripting (e.g., PowerShell, Python, Terraform)
• Familiarity with cloud platforms (Azure, AWS, GCP) and IAM integrations
• Strong understanding of IAM-related compliance frameworks and controls (e.g., SOX, ISO 27001, NIST)
• Proven ability to work independently and cross-functionally in a global team
• Strong troubleshooting, documentation, and communication skills

Desirable

• Bachelor’s Degree in Computer Science, Engineering, or a related technical field
• Professional certifications such as: CISSP, Security+, Microsoft Certified: Identity and Access Administrator, CyberArk Defender, Ping Identity Certified Professional
• Experience with AI/ML integration into IAM workflows or security analytics
• Experience supporting IAM functions in media or entertainment industry environments
• Experience working on a global team covering multiple timezones

Perks Playlist:

• Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit
• Comprehensive medical, dental, vision, and FSA options, as well as:
• 100% coverage for out-patient mental health services
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
• A lifetime fertility support allowance of $30,000 to plan participants
• Student Loan Repayment Assistance and Tuition Reimbursement
• 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation
• Variety of ways to prioritize much-needed time away from work including:
• Flexible Paid Time Off (PTO) for exempt employees
• 3-weeks PTO for non-exempt employees
• 2-weeks paid Winter Break
• 10 Company Holidays (including Juneteenth and Wellbeing Day)
• Summer Fridays (between Memorial Day and Labor Day)
• Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish