Identity & Access Management Engineer (Single Sign-On) in London

Requirements

• 5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, with a strong focus on Access Management.
• Demonstrated experience implementing and operating enterprise access management platforms (e.g., Ping Identity, Okta, Microsoft Entra ID, or equivalent).
• Strong understanding of authentication and authorization concepts, including SSO, federation, MFA, and adaptive access.
• Hands-on experience with identity protocols and standards such as SAML, OAuth 2.0, OpenID Connect (OIDC), and LDAP.
• Experience integrating identity platforms with cloud applications, SaaS platforms, and custom-built applications.
• Proficiency in scripting and automation using tools such as PowerShell or Python.
• Experience operating access services in hybrid and cloud environments (Azure and/or AWS).
• Ability to independently own complex technical implementations while collaborating across a global organization.
• Strong troubleshooting, documentation, and communication skills.
• (Desirable) Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical discipline.
• (Desirable) Experience with passwordless authentication technologies and modern identity standards.
• (Desirable) Familiarity with Zero Trust and conditional access models.
• (Desirable) Experience supporting authentication services in high-availability, 24x7 enterprise environments.
• (Desirable) Experience with identity verification solutions and technologies.
• (Desirable) Professional certifications such as Ping Identity Certified Professional, Microsoft Certified: Identity and Access Administrator, Security+, or CISSP.
• (Desirable) Experience operating IAM platforms within a large, global, or highly regulated enterprise environment.

What the job involves

We are currently seeking an Identity & Access Management Engineer with specialization in Access Management to join UMG’s global Tech Security & Identity organization. Reporting to the Manager, Access Management VP, Tech Security & Identity, this is a hands-on engineering role responsible for designing, implementing, and operating enterprise access management capabilities across a global, hybrid environment – including workforce, partner, customer, and consumer experiences.

This engineer will play a critical role in securing authentication and authorization for workforce and application access, delivering scalable solutions across Single Sign-On (SSO), federation, and multi-factor authentication (MFA). The role emphasizes strong technical execution, platform reliability, and automation, working closely with application, infrastructure, and security teams to enable secure access while maintaining a strong user experience.

• Design, engineer, deploy, and operate Access Management solutions across the enterprise.
• Implement and support Single Sign-On (SSO) and federation services using modern identity protocols.
• Engineer and maintain authentication and authorization services including MFA, adaptive access, and conditional access policies.
• Integrate applications and platforms with enterprise access management systems across on-premises and cloud environments.
• Partner with application owners and platform teams to onboard applications to SSO and enforce consistent authentication standards.
• Design and maintain secure federation integrations using protocols such as SAML, OAuth 2.0, and OpenID Connect (OIDC).
• Develop and maintain automation and tooling to support access onboarding, configuration, and lifecycle management.
• Troubleshoot and resolve complex authentication, authorization, and federation issues impacting users or applications.
• Ensure access management services meet availability, performance, and resiliency requirements in a global environment.
• Support audit, compliance, and security review activities related to access controls and authentication mechanisms.
• Maintain technical documentation, standards, and runbooks for access management platforms and integrations.
• Continuously improve access security and user experience through platform enhancements, automation, and adoption of modern authentication patterns.