Senior Identity Architect

Tech Woodland Hills, California Remote, United States Req. R0005994


We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation, and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute, and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

How you’ll LEAD:

We are currently seeking a hands-on Senior Identity Architect with expertise in identity federation, authentication, authorization and related areas, as well as a passion for designing and deploying highly scalable services in the cloud.

Securing and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

You will come with strong technical experience in authentication and authorization services within cloud platforms and on-premises environments. You will bring deep technical and software expertise, strong business acumen and judgment. Utilizing your experience with on-prem and cloud IAM services, you will work with the team to transition applications to Azure, making use of identity federation protocols such as SAML2, WS-Federation, Kerberos, OAuth2 and OpenID Connect (OIDC). You must also have experience with and understanding of modern Identity & Access Management concepts and best practices.

In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Knowledge of and experience with information security, authorization and authentication systems, infrastructure and implementation techniques are a key component of this role.
  • Provide architecture leadership and oversight for large, transformational, enterprise-impacting initiatives to ensure that solution development aligns with the defined architecture strategies.
  • Lead the identification and analysis of enterprise business drivers to derive useful business context.
  • Promote the UMG processes, strategies, and recommendations to the organization, including the enterprise's IT and business leaders.
  • Lead technical design sessions; architect and document technical solutions aligned with business objectives; identify gaps between current and desired end states.
  • Follow and help define coding standards. Lead code reviews during projects to ensure quality and that appropriate design patterns are followed.
  • Provide engineering support to the Identity and Authentication team.
  • Ability to enable application movement to modern authentication in the multi-cloud environment through use of SSO and Federation.
  • Defining the product requirements for our next generation Identity/AuthN/AuthZ platform and delivering on our KPIs and multiyear roadmap with a focus on building massively scalable platforms.
  • Lead, define, develop, maintain and support UMG’s highly scalable in-house middleware identity service deployed in the AWS cloud.
  • Work with management and other personnel to identify security best practices and apply a risk-based approach to information security covering the security aspects of cloud and on-premises IAM services with a focus on authentication services (SSO and MFA).
  • Produce and implement enterprise-level designs for Azure AD / Azure B2B/B2C authentication for global initiatives.
  • Work daily with Agile engineering scrum teams and participate in daily standups, grooming and planning to deliver product features on a bi-weekly basis
  • Have a background in APIs and platform product lines that have been made available to developers, partners and large enterprises via self-service documentation, developer guides and turnkey integrations
  • Understand the complexities of a large-scale global platform with a focus on scalability, reliability and resiliency while maintaining exceptional quality of software, and lead steady-state and continuous improvement efforts for authentication technologies for globally diverse solutions.

Bring your VIBE:

  • 12+ years of experience in Information Security with 7+ years in the Identity Federation space.
  • Hands-on coding experience with highly scalable solutions deployed in the cloud using a CI/CD pipeline is a MUST.
  • Passionate about Identity and Access Management with strong hands-on experience in OAuth 2.0, OpenID Connect, SAML, WS-Fed, SCIM (System for Cross-domain Identity Management) and API authorization/access management
  • Prior experience in areas like password management, encryption, two factor authentication, Biometrics, WebAuthn and FIDO standards, risk-based authentication, and strong customer authentication.
  • Expertise in Identity and Federation solutions such as Active Directory, Azure AD, Azure B2B, Azure B2C and Okta including privileged access management.
  • Hands-on coding experience is a must in areas like REST APIs, GraphQL and React JS/Native, as well as building and packaging SDKs for websites and native applications (iOS and Android)
  • Holistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine)
  • Ability to code in various programming or scripting languages such as Java and .NET, as well as shell scripting, Perl, Python, JavaScript, HTML and PowerShell.
  • Understanding of Secure API design concepts, RESTful Services, and modern application interaction patterns
  • Understanding of systems architecture and ability to design scalable performance-driven solutions.
  • Experience in developing and deploying large-scale, global products using Kubernetes, Docker containers and Istio mesh in the AWS cloud
  • Technical planning & requirements gathering including estimates, development, tests, architecting and delivering
  • Solid understanding of environment management, release management, code versioning, and deployment methodologies.
  • Create technical documentation
  • High sense of ownership, urgency, and drive.
  • Proven track record of getting things done, managing multiple tasks including communication with internal and external teams while consistently delivering on schedule.
  • Excellent oral and written communication skills with the ability to adapt your message to the technical level of the audience (developers, product managers, and senior business leaders)
  • Bachelor’s Degree in Computer Science, Engineering, Network Security, or related field
  • Demonstrated excellent technical engineering management experience with technical writing skills.
  • Understanding of Agile Life Cycle and project planning/execution skills including estimating and scheduling.
  • IT certifications, including Microsoft Certifications, CISSP, SANS, Security+, and ITIL v3 Foundation, are a plus.
  • International experience beneficial; multiple language skills a plus

Perks Playlist:

  • Competitive Compensation Package including Salary, Benefits and Generous 401k Savings Plan with company matching
  • Flexible Paid Time Off plus Paid Holidays, 2-week “Winter Break” & Wellness Fridays (year-round)
  • Medical, Dental and Vision Insurance
  • Student Loan Repayment Assistance & Tuition Reimbursement (after 12 months of service)
  • Robust Employee Assistance Program (for you and your loved ones)
  • Annual Well-Being Allowance which includes Fitness, Travel, Home Enhancements, Nutrition, and Spa Treatment Reimbursements

Universal Music Group is an Equal Opportunity Employer

All UMG employees are currently required to be fully vaccinated against COVID-19 or provide proof of a negative PCR or Antigen test before entering any Company offices unless they have been approved for an exemption or unless prohibited by applicable law.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.