Overview
IAM Engineer – PAM & PKI – London, N1C 4AG, United Kingdom
Job Summary
We are currently seeking an Identity & Access Management Engineer with deep specialization in Privileged Access Management (PAM) and Public Key Infrastructure (PKI) to join UMG’s global Tech Security & Identity organization. Reporting to the VP, Tech Security & Identity, this role is a hands-on engineering position focused on designing, implementing, and operating enterprise-grade PAM and PKI capabilities across a complex, global environment.
This engineer will play a critical role in securing privileged identities, service accounts, machine identities, and cryptographic trust across on-premises and cloud platforms. The position emphasizes technical execution, automation, and operational excellence, partnering closely with infrastructure, security, and application teams to reduce risk, improve resilience, and scale identity security services. The ideal candidate brings strong CyberArk and PKI experience, an automation-first mindset, and the ability to operate effectively in a regulated, highly distributed enterprise.
Job Functions
- Design, engineer, deploy, and operate Privileged Access Management solutions, with primary responsibility for CyberArk platforms including Vault, CPM, PVWA, PSM, and related integrations.
- Implement and manage PAM controls for human and non-human identities, including privileged users, service accounts, application credentials, and secrets.
- Engineer and support enterprise PKI services, including certificate issuance, renewal, revocation, and lifecycle automation across infrastructure, applications, and end-user devices.
- Administer and enhance PKI platforms and services such as Microsoft AD Certificate Services (ADCS), public certificate authorities, and certificate lifecycle management tools.
- Develop and maintain automation for PAM and PKI workflows using scripting and infrastructure-as-code approaches (PowerShell, Python, Terraform, APIs).
- Partner with application, cloud, and infrastructure teams to integrate PAM and PKI capabilities into platforms, CI/CD pipelines, and operational processes.
- Define and enforce privileged access policies, credential management standards, and cryptographic controls aligned to security, audit, and compliance requirements.
- Troubleshoot and resolve complex PAM and PKI incidents, including certificate outages, access failures, and privileged session issues.
- Contribute to operational readiness, monitoring, and audit support activities related to PAM and PKI controls (e.g., SOX, ISO 27001, internal audits).
- Maintain technical documentation, runbooks, and configuration standards to support scalable and repeatable operations.
- Continuously evaluate opportunities to improve security posture, resilience, and efficiency through automation, tooling enhancements, and process optimization.
Job Requirements
Essential Qualifications
- 5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, with strong focus on Privileged Access Management and/or PKI.
- Demonstrated experience engineering and operating CyberArk PAM solutions in an enterprise environment.
- Strong hands-on experience with PKI concepts and technologies, including certificate lifecycle management, trust models, and cryptographic standards.
- Experience administering Microsoft AD Certificate Services (ADCS) and managing public SSL/TLS certificates.
- Proficiency in scripting and automation using tools such as PowerShell and Python; experience with infrastructure-as-code or API-based integrations preferred.
- Solid understanding of identity, authentication, and access control concepts, particularly as they relate to privileged and machine identities.
- Experience working in hybrid and cloud environments (Azure and/or AWS) integrating PAM and PKI controls.
- Ability to work independently on complex technical problems while collaborating effectively within a global, cross-functional team.
- Strong troubleshooting, documentation, and communication skills, with the ability to explain technical issues to non-specialist stakeholders.
Desirable Qualifications
- Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical discipline.
- Experience with certificate management platforms such as Keyfactor or Venafi.
- Experience integrating PAM or PKI into CI/CD pipelines, DevOps tooling, or secrets management solutions.
- Familiarity with identity and security compliance frameworks such as SOX, ISO 27001, NIST, or similar.
- Professional certifications such as CyberArk Defender, Microsoft Certified: Identity and Access Administrator, Security+, CISSP, or similar.
- Experience operating IAM or security services within a large, global, or highly regulated enterprise environment.
About UMG UK
We are Universal Music Group UK – the UK’s leading music-based entertainment company. We exist to shape culture through the power of artistry. We help UK artists produce, distribute and promote the most critically acclaimed and commercially successful music to inspire and entertain fans at home and around the world.
Bonus Tracks: Your Benefits
- Group Personal Pension Scheme (between 3% and 9%)
- Private Medical Insurance
- 25 paid days of annual leave
- Interest Free Season Ticket Loan
- Holiday Purchase scheme
- Dental and Travel Insurance options
- Cycle to Work Scheme
- Salary Sacrifice Cars
- Subsidised Gym Membership
- Employee Discounts (Reward Gateway)
IMPORTANT: Before applying for this role, please make sure you have the right to work in the country where the role is based. Unless it clearly stipulates within the job advert above that the hiring company is looking to or able to sponsor applicants, it is deemed that the hiring employer will only consider applications from those able to comply with and work in the country where the role is based.













