IAM Engineer - London, N1C 4AG

IAM Engineer - London, N1C 4AG, United Kingdom

Job Summary

We are currently seeking an Identity & Access Management Engineer with specialization in CyberArk and Public Key Infrastructure (PKI) to join UMG’s global Tech Security & Identity organization. Reporting to the Manager, PAM & PKI this is a hands-on engineering role responsible for designing, implementing, and operating enterprise-grade privileged access and certificate-based security capabilities across a global, hybrid environment.

This engineer will play a critical role in securing privileged user access, service accounts, application credentials, and machine identities through CyberArk, while also engineering and operating global PKI services that secure and establish trust across infrastructure, applications, automated workloads, and all of UMG’s public facing websites. The role emphasizes deep technical execution, automation, and operational excellence, partnering closely with infrastructure, security, and application teams to reduce risk and strengthen identity security at scale.

Job Functions

• Design, engineer, deploy, and operate Privileged Access Management solutions using CyberArk, 1Password, Hashicorp Vault, and other privileged tooling across the enterprise.

• Administer and enhance CyberArk components including Vault, CPM, PVWA, PSM, and related integrations.

• Implement and manage privileged access controls for users, service accounts, application credentials, and non-human identities.

• Engineer and operate enterprise PKI services, including certificate issuance, renewal, revocation, and lifecycle management.

• Administer and enhance PKI platforms such as Microsoft AD Certificate Services (ADCS), DigiCert, and Keyfactor certificate lifecycle management tooling.

• Manage and support public and private certificates used for infrastructure, applications, and secure service-to-service communication.

• Integrate CyberArk and PKI capabilities into applications, platforms, and cloud environments to enable secure privileged and machine-based access.

• Develop and maintain automation for CyberArk and PKI workflows using scripting and API-based integrations (e.g., PowerShell, Python).

• Partner with infrastructure, cloud, and application teams to onboard systems into CyberArk and PKI services and remediate security gaps.

• Troubleshoot and resolve complex CyberArk- and PKI-related issues, including credential failures, certificate outages, and access disruptions.

• Ensure PAM and PKI services meet availability, resiliency, and operational performance requirements in a global environment.

• Support audit, compliance, and security review activities related to privileged access and cryptographic controls.

• Maintain technical documentation, configuration standards, and operational runbooks to support scalable operations.

• Continuously improve privileged access and PKI maturity through automation, platform enhancements, and process optimization.

Job Requirements

Essential Qualifications

• 5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, with strong focus on CyberArk and PKI.

• Demonstrated enterprise experience implementing and operating CyberArk PAM solutions.

• Strong hands-on experience with PKI concepts and technologies, including certificate lifecycle management, trust models, and cryptographic standards.

• Experience administering Microsoft AD Certificate Services (ADCS) and managing public SSL/TLS certificates.

• Solid understanding of privileged access concepts including credential vaulting, session management, and least privilege.

• Proficiency in scripting and automation using tools such as PowerShell or Python.

• Experience integrating CyberArk and PKI solutions with Active Directory, cloud platforms (Azure and/or AWS), and enterprise applications.

• Ability to independently own complex technical implementations while collaborating across a global organization.

• Strong troubleshooting, documentation, and communication skills.

Desirable Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical discipline.

• CyberArk certifications such as CyberArk Defender or equivalent.

• Experience with certificate management platforms such as Keyfactor or Venafi.

• Experience integrating PAM or PKI into CI/CD pipelines, DevOps workflows, or secrets management solutions.

• Familiarity with security and compliance frameworks such as SOX, ISO 27001, or NIST.

• Experience operating IAM or security platforms within a large, global, or highly regulated enterprise ​

About UMG UK

We are Universal Music Group UK – the UK’s leading music-based entertainment company. We exist to shape culture through the power of artistry. We help UK artists produce, distribute and promote the most critically acclaimed and commercially successful music to inspire and entertain fans at home and around the world.​

Bonus Tracks: Your Benefits

• Group Personal Pension Scheme (between 3% and 9%)

• Private Medical Insurance

• 25 paid days of annual leave

• Interest Free Season Ticket Loan

• Holiday Purchase scheme

• Dental and Travel Insurance options

• Cycle to Work Scheme

• Salary Sacrifice Cars

• Subsidised Gym Membership

• Employee Discounts (Reward Gateway)