UMG is seeking an experienced Network Security Engineer (Firewall & NAC) to join our Global Network Infrastructure team. This role plays a critical part in UMG’s Global Security and Cybersecurity strategy by designing, standardizing, and operating enterprise firewall and perimeter security platforms.
The ideal candidate will have deep hands-on experience with next-generation firewall technologies, a strong focus on security standardization, and the ability to partner closely with Cybersecurity and Infrastructure teams in a global enterprise environment.
Design, deploy, and support enterprise firewall and perimeter security solutions
Build, implement and maintain security controls aligned with Zero Trust and least-privilege principles
Lead standardization efforts across firewall platforms and configurations
Define and maintain Network Access Control (NAC) strategy, standards, and architectures (Cisco ISE) to support secure enterprise access.
Design, implement, and operationalize NAC policy including authentication/authorization, device profiling, and identity-based segmentation enforcement.
Own network security logging and telemetry strategy for firewall and NAC controls, including log scope, retention, access controls, and audit readiness.
Design and implement logging methods and systems (e.g., syslog, API-based ingestion, cloud-native logging) to onboard network security events into the enterprise SIEM for monitoring and incident response.
Partner with the SOC to define alerts, dashboards, and investigation workflows based on firewall and NAC security logs.
Perform security assessments and contribute to risk reduction initiatives
Serve as an escalation point for complex firewall and network security issues
Maintain network security standards documentation, configuration standards, and operational runbooks
Participate in technology evaluations and security architecture reviews
Ensure adherence to change, incident, and problem management processes
Required:
5+ years of overall IT experience
3+ years in firewall or network security engineering roles
Experience with firewall concepts and implementations, preferably Palo Alto Networks firewalls.
Experience with Network Access Control (NAC) concepts and implementations, preferably Cisco Identity Services Engine (ISE).
Working knowledge of AAA and secure access methods including 802.1X and RADIUS/EAP; familiarity with certificate-based authentication and PKI dependencies.
Experience designing and operating security logging for network security controls, including log source onboarding, normalization, retention, and integration with SIEM platforms.
Solid understanding of IP networking, routing, and security fundamentals
Experience working in large, global, or regulated environments
Strong communication and documentation skills
Preferred:
Security certifications such as CCNP Security, PCNSE, or equivalent
Familiarity with Zero Trust, network segmentation, and security governance frameworks
Experience supporting audits, compliance, or regulatory requirements
Universal Music Group is an Equal Opportunity Employer.
Diversity & Inclusion
At Universal Music we are committed to fostering diversity and inclusivity as an equal opportunity employer. We encourage applicants from all backgrounds to apply for our roles regardless of their gender, race, ethnicity, nationality, age, sexual orientation, gender identity, intersex status, marital or family status, neurodiversity, religion or belief, disabilities, or socio-economic background. We also encourage people from all cultural backgrounds to apply, including First Nations people. It is through our diversity and inclusivity that we bring together different perspectives, enhancing our creative and evolving workplace. Music is Universal.
Disclaimer
The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable. However, the business operates in an environment that demands change and the jobholder's specific responsibilities and activities will vary and develop. Therefore, the job description should be seen as indicative and not as a permanent, definitive and exhaustive statement.
Technology
Universal Music Group (UMG) is the world leader in music-based entertainment, with a broad array of businesses engaged in recorded music, music publishing, merchandising and audiovisual content in more than 60 countries. Featuring the most comprehensive catalog of recordings and songs across every musical genre, UMG identifies and develops artists and produces and distributes the most critically acclaimed and commercially successful music in the world. Committed to artistry, innovation and entrepreneurship, UMG fosters the development of services, platforms and business models in order to broaden artistic and commercial opportunities for our artists and create new experiences for fans.
Universal Music Group's labels include A&M Records, Astralwerks, Blue Note Records, Capitol Christian Music Group, Capitol Records, Capitol Records Nashville, Caroline, Decca, Def Jam Recordings, Deutsche Grammophon, Disa, Emarcy, EMI Records Nashville, Fonovisa, Geffen Records, Harvest, Interscope Records, Island Records, Machete Music, MCA Nashville, Mercury Nashville, Mercury Records, Motown Records, Polydor Records, Republic Records, Universal Music Latino, Verve Label Group, Virgin Records, Virgin EMI Records, as well as a multitude of record labels owned or distributed by its record company subsidiaries around the world. UMG's catalog is marketed through two distinct divisions, Universal Music Enterprises (in the U.S.) and Universal Strategic Marketing (outside the U.S.).
UMG also includes Universal Music Publishing Group, one of the industry's premier music publishing operations worldwide and Bravado, the leading provider of consumer, lifestyle and branding services to recording artists and entertainment brands around the world. Universal Music Group is a Vivendi company.
Find out more at: http://www.universalmusic.com.
View our current career opportunities at: http://www.umusiccareers.com
