We are currently seeking an Identity & Access Management Engineer with specialization in CyberArkand Public Key Infrastructure (PKI)to join UMG’s global Tech Security & Identity organization. Reporting to theManager, PAM & PKIthis is a hands-on engineering role responsible for designing, implementing, andoperatingenterprise-grade privilegedaccessand certificate-based security capabilities across a global, hybrid environment.
This engineer will play a critical role in securing privileged user access, service accounts, application credentials, and machine identities through CyberArk, while also engineering andoperatingglobalPKI services thatsecure andestablishtrust across infrastructure, applications, automated workloads, and all of UMG’s public facing websites The role emphasizes deep technical execution, automation, and operational excellence, partnering closely with infrastructure, security, and application teams to reduce risk and strengthen identity security at scale.
Job Functions
Design, engineer, deploy, andoperatePrivileged Access Management solutions using CyberArk, 1Password,HashicorpVault, and other privileged toolingacross the enterprise.
Administer and enhance CyberArk components including Vault, CPM, PVWA, PSM, and related integrations.
Implement and manage privileged access controls for users, service accounts, application credentials, and non-human identities.
Engineer andoperateenterprise PKI services, including certificate issuance, renewal, revocation, and lifecycle management.
Administer and enhance PKI platforms such as Microsoft AD Certificate Services (ADCS), DigiCert, andKeyfactorcertificate lifecycle management tooling.
Manage and support public and private certificates used for infrastructure, applications, and secure service-to-service communication.
Integrate CyberArk and PKI capabilities into applications, platforms, and cloud environments to enablesecureprivileged and machine-based access.
Develop andmaintainautomation for CyberArk and PKI workflows using scripting and API-based integrations (e.g., PowerShell, Python).
Partner with infrastructure, cloud, and application teams to onboard systems into CyberArk and PKI services and remediate security gaps.
Troubleshoot and resolve complex CyberArk- and PKI-related issues, including credential failures, certificate outages, and access disruptions.
Ensure PAM and PKI services meet availability, resiliency, and operational performance requirements in a global environment.
Support audit, compliance, and security review activities related to privileged access and cryptographic controls.
Maintain technical documentation, configuration standards, and operational runbooks to support scalable operations.
Continuously improve privileged access and PKI maturity through automation, platform enhancements, and process optimization.
Job Requirements
Essential Qualifications
5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, withstrongfocus on CyberArk and PKI.
Demonstrated enterprise experience implementing and operating CyberArk PAM solutions.
Strong hands-on experience with PKI concepts and technologies, includingcertificatelifecycle management, trust models, and cryptographic standards.
Experience administering Microsoft AD Certificate Services (ADCS) and managing public SSL/TLS certificates.
Solid understanding of privileged access concepts including credential vaulting, session management, and least privilege.
Proficiencyin scripting and automation using tools such as PowerShell or Python.
Experience integrating CyberArk and PKI solutions with Active Directory, cloud platforms (Azure and/or AWS), and enterprise applications.
Ability to independently own complex technical implementations while collaborating across a global organization.
Strong troubleshooting, documentation, and communication skills
Desirable Qualifications
Bachelor’s degree in Computer Science, Information Security, Engineering, ora relatedtechnical discipline.
CyberArk certifications such as CyberArk Defender or equivalent.
Experience with certificate management platforms such asKeyfactoror Venafi.
Experience integrating PAM or PKI into CI/CD pipelines, DevOps workflows, orsecretsmanagement solutions.
Familiarity with security and compliance frameworks such as SOX, ISO 27001, or NIST.
Experience operating IAM or security platforms within a large, global, or highly regulated enterprise
Universal Music Group is an Equal Opportunity Employer.
Diversity & Inclusion
At Universal Music we are committed to fostering diversity and inclusivity as an equal opportunity employer. We encourage applicants from all backgrounds to apply for our roles regardless of their gender, race, ethnicity, nationality, age, sexual orientation, gender identity, intersex status, marital or family status, neurodiversity, religion or belief, disabilities, or socio-economic background. We also encourage people from all cultural backgrounds to apply, including First Nations people. It is through our diversity and inclusivity that we bring together different perspectives, enhancing our creative and evolving workplace. Music is Universal.
Disclaimer
The company presents this job description as a guide to the major areas and duties for which the jobholder isaccountableHowever, the businessoperatesin an environment that demandschangeand the jobholder's specific responsibilities and activities will vary and develop. Therefore, the job description should be seen as indicative and not as a permanent,definitiveand exhaustive statement.
Technology
Universal Music Group (UMG) is the world leader in music-based entertainment, with a broad array of businesses engaged in recorded music, music publishing, merchandising and audiovisual content in more than 60 countries. Featuring the most comprehensive catalog of recordings and songs across every musical genre, UMG identifies and develops artists and produces and distributes the most critically acclaimed and commercially successful music in the world. Committed to artistry, innovation and entrepreneurship, UMG fosters the development of services, platforms and business models in order to broaden artistic and commercial opportunities for our artists and create new experiences for fans.
Universal Music Group's labels include A&M Records, Astralwerks, Blue Note Records, Capitol Christian Music Group, Capitol Records, Capitol Records Nashville, Caroline, Decca, Def Jam Recordings, Deutsche Grammophon, Disa, Emarcy, EMI Records Nashville, Fonovisa, Geffen Records, Harvest, Interscope Records, Island Records, Machete Music, MCA Nashville, Mercury Nashville, Mercury Records, Motown Records, Polydor Records, Republic Records, Universal Music Latino, Verve Label Group, Virgin Records, Virgin EMI Records, as well as a multitude of record labels owned or distributed by its record company subsidiaries around the world. UMG's catalog is marketed through two distinct divisions, Universal Music Enterprises (in the U.S.) and Universal Strategic Marketing (outside the U.S.).
UMG also includes Universal Music Publishing Group, one of the industry's premier music publishing operations worldwide and Bravado, the leading provider of consumer, lifestyle and branding services to recording artists and entertainment brands around the world. Universal Music Group is a Vivendi company.
Find out more at: http://www.universalmusic.com.
View our current career opportunities at: http://www.umusiccareers.com
