Job Summary We are currently seeking an Identity & Access Management Engineer with specialization in CyberArk and Public Key Infrastructure (PKI) to join UMG’s global Tech Security & Identity organization. Reporting to the Manager, PAM & PK I this is a hands-on engineering role responsible for designing, implementing, and operating enterprise-grade privileged access and certificate-based security capabilities across a global, hybrid environment. This engineer will play a critical role in securing privileged user access, service accounts, application credentials, and machine identities through CyberArk, while also engineering and operating global PKI services that secure and establish trust across infrastructure, applications, automated workloads , and all of UMG’s public facing websites . The role emphasizes deep technical execution, automation, and operational excellence, partnering closely with infrastructure, security, and application teams to reduce risk and strengthen identity security at scale. Job Functions Design, engineer, deploy, and operate Privileged Access Management solutions using CyberArk , 1Password, Hashicorp Vault, and other privileged tooling across the enterprise. Administer and enhance CyberArk components including Vault, CPM, PVWA, PSM, and related integrations. Implement and manage privileged access controls for users, service accounts, application credentials, and non-human identities. Engineer and operate enterprise PKI services, including certificate issuance, renewal, revocation, and lifecycle management. Administer and enhance PKI platforms such as Microsoft AD Certificate Services (ADCS) , DigiCert, and Keyfactor certificate lifecycle management tooling. Manage and support public and private certificates used for infrastructure, applications, and secure service-to-service communication. Integrate CyberArk and PKI capabilities into applications, platforms, and cloud environments to enable secure privileged and machine-based access. Develop and maintain automation for CyberArk and PKI workflows using scripting and API-based integrations (e.g., PowerShell, Python). Partner with infrastructure, cloud, and application teams to onboard systems into CyberArk and PKI services and remediate security gaps. Troubleshoot and resolve complex CyberArk- and PKI-related issues, including credential failures, certificate outages, and access disruptions. Ensure PAM and PKI services meet availability, resiliency, and operational performance requirements in a global environment. Support audit, compliance, and security review activities related to privileged access and cryptographic controls. Maintain technical documentation, configuration standards, and operational runbooks to support scalable operations. Continuously improve privileged access and PKI maturity through automation, platform enhancements, and process optimization. Job Requirements Essential Qualifications 5 years of hands-on experience in Identity & Access Management or Security Engineering roles, with strong focus on CyberArk and PKI. Demonstrated enterprise experience implementing and operating CyberArk PAM solutions. Strong hands-on experience with PKI concepts and technologies, including certificate lifecycle management, trust models, and cryptographic standards. Experience administering Microsoft AD Certificate Services (ADCS) and managing public SSL/TLS certificates. Solid understanding of privileged access concepts including credential vaulting, session management, and least privilege. Proficiency in scripting and automation using tools such as PowerShell or Python. Experience integrating CyberArk and PKI solutions with Active Directory, cloud platforms (Azure and/or AWS), and enterprise applications. Ability to independently own complex technical implementations while collaborating across a global organization. Strong troubleshooting, documentation, and communication skills . Desirable Qualifications Bachelor’s degree in Computer Science , Information Security, Engineering, or a related technical discipline. CyberArk certifications such as CyberArk Defender or equivalent. Experience with certificate management platforms such as Keyfactor or Venafi. Experience integrating PAM or PKI into CI/CD pipelines, DevOps workflows, or secrets management solutions. Familiarity with security and compliance frameworks such as SOX, ISO 27001, or NIST. Experience operating IAM or security platforms within a large, global, or highly regulated enterprise Universal Music Group is an Equal Opportunity Employer. Diversity & Inclusion At Universal Music we are committed to fostering diversity and inclusivity as an equal opportunity employer. We encourage applicants from all backgrounds to apply for our roles regardless of their gender, race, ethnicity, nationality, age, sexual orientation, gender identity, intersex status, marital or family status, neurodiversity, religion or belief, disabilities, or socio-economic background. We also encourage people from all cultural backgrounds to apply, including First Nations people. It is through our diversity and inclusivity that we bring together different perspectives, enhancing our creative and evolving workplace. Music is Universal. Disclaimer The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable . However, the business operates in an environment that demands change and the jobholder's specific responsibilities and activities will vary and develop. Therefore, the job description should be seen as indicative and not as a permanent, definitive and exhaustive statement. Job Category: Technology
