IAM Engineer

Tech Woodland Hills, California Remote, United States Req. R0003788


We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation, and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute, and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

How you’ll LEAD:

We are currently seeking an identity and access management specialist with deep level expertise in Active Directory, Azure AD, SAML, and OAuth as well as experience in MS Office 365 administration, and Cloud Identity Solutions.  

The position will be a team player working to expand the integration of our identity management solutions with our enterprise applications, support day-to-day administration, reporting, troubleshooting, and operations of our Identity Management environment.  


In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Works with the team on integration efforts between Azure/Active Directory and keys systems such as Workday, ServiceNow, and SAP
  • Provides expertise in the design, development, testing, implementation, and integration of Identity and Access Management (IAM) systems and solutions, both on-prem and cloud based. 
  • Works to ensure data within Active Directory systems is complete and accurate
  • Facilitates the successful and on-time completion of major programs and projects. 
  • Integrate IAM systems with identity governance solutions such as Saviynt/SailPoint, in-house applications, third party applications and SaaS applications for provisioning, identity authentication, and developing connectors between IAM tools and system resources
  • Provides engineering level support to troubleshoot and resolves system incidents, problems, and changes, as required
  • Provides ITIL based operational support and acts as a technical resource for the Active Directory infrastructure, including incident, change, and problem management
  • Provides support of on premise and cloud-based equipment and configuration including but not limited to Domain Controllers, SAML, OAuth, and Azure Active Directory, O365, Okta, MIM, and Identity tools such as SailPoint or Saviynt.
  • Complete the key metric reporting and analysis for the Identity Management environment as required.
  • Work to ensure audit tasks related to Identity Management are completed on time, with participation of appropriate parties
  • Utilize industry best practices for appropriate standards, processes, procedures, tools, and documentation.
  • Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner

Bring your VIBE:

  • Technical skills in the Identity Management space, including Active Directory 2016, Identity Governance toolsets, AzureAD, PAM, PIM, SAML, OAuth.
  • Minimum of 4 years directly related experience in Identity & Access Management (IAM)
  • A high level of technical ability for troubleshooting and problem analysis is required, as wells as ability to clearly communicate the results stakeholders and support teams.
  • Experience troubleshooting, managing, and solving issues related to all areas of identity management
  • Hands on experience of Active Directory operation and support in a global enterprise including Active Directory Infrastructure components (FSMO roles), delegated administration, group policies, OU admin & Site replication, ADFS, Exchange operation and support including OWA, SMTP services, routing / costing
  • Technical competence in the following:
    • Relevant management & operational tooling: SailPoint, Saviynt, Microsoft & Azure Administration tools
    • SSO and Federation of configuration of applications to make use of Azure/Active Directory
    • Directory Services, Directory services replication/synchronization, Kerberos, Active Directory compliance for Schema Extensions, DEA (Directory Enabled Applications), SMTP Query management, LDAPS, AD integration security, federation services and Forest system context management for application services.
    • Adept at scripting including PowerShell, Python, & VB scripting
    • Various data file formats including JSON, CSV, LDIF, XML, HTML, etc.
    • Component services & areas: domain design, DDNS, DHCP, Outlook client, Spam filtering, Virus services
  • Customer service driven/focused with a proactive and positive can-do approach. Demonstrates commitment to organization’s policy framework and practices continuous improvement.
  • Experience of client system dependencies, e.g., GPOs, logon script using VBScript, ADSI, XMLDom, and LDAP queries
  • Hands-on experience and skills with systems such as Azure, O365, Workday, and Service Now are required.  Experience with integration of Workday and ServiceNow orchestration into Active Directory & O365 is a plus. 
  • Experience with security protocols such as LDAP/LDAPS, SAML, WS-Federation, SCIM, OAuth, and OIDC
  • Demonstrated current work experience engineering, customizing, and integrating IAM solutions such as Azure Active Directory, SailPoint, Saviynt, Duo, MIM, CyberArk, Duo, Okta, ForgeRock, PingFederate, and SiteMinder
  • Demonstrated organizational skills, attention to detail and ability to work both independently and as part of a team.  
  • Foster a team environment in a global fast-paced enterprise
  • Bachelor’s Degree in Computer Science or Engineering or closely related field or comparable education and experience.
  • 8+ years working within enterprise information technology
  • Experience configuring, customizing, and integrating IT systems with technologies such as Java, JavaScript, XML, SOAP, JSON/REST, SQL, RDBMS, Linux, Windows, and databases
  • IT Certifications including MCSE Certification specialization in Identity Management, CISSP, and ITIL v3 Foundation’s certifications
  • International experience beneficial; multiple language skills a plus

Perks Playlist:

  • Competitive Compensation Package including Salary, Benefits and Generous 401k Savings Plan
  • Paid Time Off – Paid Holidays, “Winter Break”, Wellness Fridays
  • Student Loan Repayment Assistance
  • Employee Developmental Support
  • Annual Gym Reimbursement Package

Universal Music Group is an Equal Opportunity Employer

All UMG employees are currently required to be fully vaccinated, and boosted, against COVID-19 before entering any Company offices unless they have been approved for an exemption or unless prohibited by

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.