IAM Engineer - PAM & PKI in London

Music is Universal

It’s the passionate and dedicated team at Universal Music who help make us the world’s leading music company. From A&R to finance, legal to digital, sales to marketing, Universal Music is the place to grow and develop your career within a truly commercial and innovative business that leads in everything it does.

Everyone is welcome to apply for our roles, and we are determined to ensure that no applicant or employee receives less favourable treatment because of gender, race, disability, sexual orientation, religion, belief, age, marital status, background, pregnancy, or caring responsibilities. We also recognise the importance of diversity of thought within our teams and are fully committed to embracing the talents of people with autism, dyslexia, ADHD, and other forms of neurocognitive variation.

We will always seek to make appropriate adjustments to recruitment, workplaces, and work processes to be fully inclusive to people with different needs and working styles. If you need us to make any reasonable adjustments for you from application onwards, including alternatives to the online form or to disclose a neurocognitive condition, please email UniversalMusicCareers@umusic.com.

Job Summary

We are currently seeking an Identity & Access Management Engineer with deep specialization in Privileged Access Management (PAM) and Public Key Infrastructure (PKI) to join UMG’s global Tech Security & Identity organization. Reporting to the VP, Tech Security & Identity, this role is a hands-on engineering position focused on designing, implementing, and operating enterprise-grade PAM and PKI capabilities across a complex, global environment.

This engineer will play a critical role in securing privileged identities, service accounts, machine identities, and cryptographic trust across on-premises and cloud platforms. The position emphasizes technical execution, automation, and operational excellence, partnering closely with infrastructure, security, and application teams to reduce risk, improve resilience, and scale identity security services. The ideal candidate brings strong CyberArk and PKI experience, an automation-first mindset, and the ability to operate effectively in a regulated, highly distributed enterprise.

Job Functions

• Design, engineer, deploy, and operate Privileged Access Management solutions, with primary responsibility for CyberArk platforms including Vault, CPM, PVWA, PSM, and related integrations.

• Implement and manage PAM controls for human and non-human identities, including privileged users, service accounts, application credentials, and secrets.

• Engineer and support enterprise PKI services, including certificate issuance, renewal, revocation, and lifecycle automation across infrastructure, applications, and end-user devices.

• Administer and enhance PKI platforms and services such as Microsoft AD Certificate Services (ADCS), public certificate authorities, and certificate lifecycle management tools.

• Develop and maintain automation for PAM and PKI workflows using scripting and infrastructure-as-code approaches (PowerShell, Python, Terraform, APIs).

• Partner with application, cloud, and infrastructure teams to integrate PAM and PKI capabilities into platforms, CI/CD pipelines, and operational processes.

• Define and enforce privileged access policies, credential management standards, and cryptographic controls aligned to security, audit, and compliance requirements.

• Troubleshoot and resolve complex PAM and PKI incidents, including certificate outages, access failures, and privileged session issues.

• Contribute to operational readiness, monitoring, and audit support activities related to PAM and PKI controls (e.g., SOX, ISO 27001, internal audits).

• Maintain technical documentation, runbooks, and configuration standards to support scalable and repeatable operations.

• Continuously evaluate opportunities to improve security posture, resilience, and efficiency through automation, tooling enhancements, and process optimization.

Job Requirements

Essential Qualifications

• 5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, with strong focus on Privileged Access Management and/or PKI.

• Demonstrated experience engineering and operating CyberArk PAM solutions in an enterprise environment.

• Strong hands-on experience with PKI concepts and technologies, including certificate lifecycle management, trust models, and cryptographic standards.

• Experience administering Microsoft AD Certificate Services (ADCS) and managing public SSL/TLS certificates.

• Proficiency in scripting and automation using tools such as PowerShell and Python; experience with infrastructure-as-code or API-based integrations preferred.

• Solid understanding of identity, authentication, and access control concepts, particularly as they relate to privileged and machine identities.

• Experience working in hybrid and cloud environments (Azure and/or AWS) integrating PAM and PKI controls.

• Ability to work independently on complex technical problems while collaborating effectively within a global, cross-functional team.

• Strong troubleshooting, documentation, and communication skills, with the ability to explain technical issues to non-specialist stakeholders.

Desirable Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical discipline.

• Experience with certificate management platforms such as Keyfactor or Venafi.

• Experience integrating PAM or PKI into CI/CD pipelines, DevOps tooling, or secrets management solutions.

• Familiarity with identity and security compliance frameworks such as SOX, ISO 27001, NIST, or similar.

• Professional certifications such as CyberArk Defender, Microsoft Certified: Identity and Access Administrator, Security+, CISSP, or similar.

• Experience operating IAM or security services within a large, global, or highly regulated enterprise environment.

About UMG UK

We are Universal Music Group UK – the UK’s leading music-based entertainment company. We exist to shape culture through the power of artistry. We help UK artists produce, distribute and promote the most critically acclaimed and commercially successful music to inspire and entertain fans at home and around the world.

Bonus Tracks: Your Benefits

• Group Personal Pension Scheme (between 3% and 9%)

• Private Medical Insurance

• 25 paid days of annual leave

• Interest Free Season Ticket Loan

• Holiday Purchase scheme

• Dental and Travel Insurance options

• Cycle to Work Scheme

• Salary Sacrifice Cars

• Subsidised Gym Membership

• Employee Discounts (Reward Gateway)

Just So You Know…

The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable. However, the business operates in an environment that demands change and the jobholder’s specific responsibilities and activities will vary and develop. Therefore, the job description should be seen as indicative and not as a permanent, definitive, and exhaustive statement.

Job Category:

Universal Music Group