Identity Operations Engineer – T2

Tech Kings Cross, London Req. UMG-5419


Job title: Identity Operations Engineer – T2          
Responsible to: Operations Center Manager
Department: UMG Global IT
Location of work: 4 Pancras Square, Kings Cross


Music is Universal

It’s the passionate and dedicated team at Universal Music who help make us the world’s leading music company. From A&R to finance, legal to digital, sales to marketing, Universal Music is the place to grow and develop your career within a truly commercial and innovative business that leads in everything it does.

Everyone is welcome to apply for our roles, and we are determined to ensure that no applicant or employee receives less favourable treatment because of gender, race, disability, sexual orientation, religion, belief, age, marital status, background, pregnancy or caring responsibilities. We also recognise the importance of diversity of thought within our teams and are fully committed to embracing the talents of people with autism, dyslexia, ADHD and other forms of neurocognitive variation.

We will always seek to make appropriate adjustments to recruitment, workplaces, and work processes to be fully inclusive to people with different needs and working styles. If you need us to make any reasonable adjustments for you from application onwards, including alternatives to the online form or to disclose a neurocognitive condition, please email [email protected]


The A Side: A Day in The Life


As a key member of the UMG Operations Center, the Senior Identity and Access Management Engineer is responsible for ensuring our Identity Management and Messaging environments, including Active Directory functions at peak efficiency. The position will be a team player working to expand the integration of our identity management solutions with our enterprise applications, support day-to-day administration, reporting, troubleshooting, and operations of our Identity Management environment. In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment. This position will be shift-based and the successful candidate will participate in on-call rotation, and as such, work outside of standard business hours will occasionally be required.


The B Side: Skills & Experience

 Be Knowledgeable


  • Utilize best practices to ensure that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss
  • Troubleshoots and manages the resolution of issues related identities, systems, access, accounts, authentication, authorization, entitlements, and permissions
  • Troubleshoots, supports and resolves system incidents, problems and changes, as required
  • Utilize industry best practices for appropriate standards, processes, procedures, tools, and documentation


Be Organised 


  • Complete the key metric reporting and analysis for the Identity Management environment as required
  • Work to ensure audit tasks related to Identity Management are completed on time, with participation of appropriate parties
  • Ensure the maintenance, patching, operating, and monitoring of IAM systems is in place and completed on schedule


Be Collaborative


  • Provide ITIL based operational support and acts as a technical resource for the Active Directory infrastructure, including incident, change, and problem management
  • Provide support of on premise and cloud-based equipment and configuration including but not limited to Domain Controllers, SaaS applications such as Azure Active Directory, O365, Duo, CyberArk, YubiKey, Microsoft Identity Management, Splunk, and Active Roles servers
  • Participate in security incident response teams as needed


Person Specification




  • Solid technical skills in the Identity Management space, including Active Directory
  • Proven track record working in Identity & Access Management (IAM)
  • A strong ability for troubleshooting and problem analysis is required, along with the ability to clearly communicate the results of problem analysis to business stakeholders, IT support teams, and network providers to quickly and effectively resolve operational issues
  • Experience troubleshooting, managing, and solving issues related to identities, systems, access, accounts, authentication, authorization, entitlements, and permissions
  • Hands on experience of Active Directory operation and support including Active Directory Infrastructure components (FSMO roles), delegated administration, group policies, OU admin & Site replication, ADFS, Exchange operation and support including OWA, SMTP services, and routing / costing (or similar)
  • Technical expertise in the following:
    • Component services & areas: multi-domain design, DDNS, DHCP, ActiveSync, Outlook client, Spam filtering, and anti-malwareservices  (or similar)
    • Relevant management & operational tooling: NetIQ Security & Application Manager, QUEST, Splunk, Insight mgt, and Microsoft Administration tools (or similar)
    • Directory Services, Directory Services replication/synchronization, Kerberos, Active Directory compliance for Schema Extensions, DEA (Directory Enabled Applications), SMTP Query management, S-LDAP, AD integration security, federation services and Forest system context management for application services (or similar)
    • Adept at PowerShell & VB scripting, regular expressions, policy management, etc. Additional experience in one or more scripting languages such as Perl, Python, Chef, Ansible, or JSON is a plus (or similar)
  • Customer service driven/focused with a proactive and positive can-do approach. Demonstrates commitment to organisation’s policy framework and practices continuous improvement
  • Hands-on experience and skills with systems such as  O365 and ServiceNow are required.  Experience with ServiceNow orchestration into Active Directory & O365, Zoom, Jabber, or Teams is a plus (or similar)
  • Experience with security protocols such as S-LDAP, SAML, WS-Federation, SCIM, OAuth, and OIDC (or similar)
  • Demonstrated current work experience supporting integrated IAM solutions such as Azure Active Directory, Active Roles, Duo, MIM, CyberArk, Okta, ForgeRock, PingFederate, and SiteMinder (or similar)
  • Demonstrated organisational skills, attention to detail and ability to work both independently and as part of a team



  • Understanding of Microsoft Teams group/system policies, survivable branch appliances, unified messaging, and federation (or similar)
  • Experience configuring and managing IT systems with technologies such as Java, JavaScript, XML, SOAP, JSON/REST, SQL, RDBMS, Linux, Windows, and databases (or similar)
  • IT Certifications including MCSE Certification specialization in Identity Management, Certified Access Management Specialist (CAMS), and ITIL Foundations certifications (or similar) desired
  • International experience beneficial; multiple language skills a plus


Bonus Tracks: Your Benefits


  • Group Personal Pension Scheme (between 3% and 9%)
  • Private Medical Insurance
  • 25 paid days of annual leave
  • Interest Free Season Ticket Loan
  • Holiday Purchase scheme
  • Dental and Travel Insurance options
  • Cycle to Work Scheme
  • Salary Sacrifice Cars
  • Subsidised Gym Membership
  • Employee Discounts (Reward Gateway)


Just So You Know…

The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable.  However, the business operates in an environment that demands change and the jobholder's specific responsibilities and activities will vary and develop.  Therefore, the job description should be seen as indicative and not as a permanent, definitive and exhaustive statement.