Senior Identity & Access Management Engineer
Universal Music GroupNashville, TN
Full Time Job
Senior Identity & Access Management (IAM) Engineer
How we LEAD:
As a key member of the UMG Operations Center, the Senior Identity and Access Management Engineer is responsible for ensuring our Identity Management environment, including Active Directory functions at peak efficiency. The position will be a team player working to expand the integration of our identity management solutions with our enterprise applications, support day-to-day administration, reporting, troubleshooting, and operations of our Identity Management environment. In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.
How you’ll CREATE:
• Provides subject matter expertise in the design, development, testing, implementation, and integration of Identity and Access Management (IAM) systems and solutions. Utilize best practices to ensures that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss.
• Troubleshoots and manages the resolution of issues related identities, systems, access, accounts, authentication, authorization, entitlements, and permissions.
• Troubleshoots, supports and resolves system incidents, problems and changes, as required
• Provides ITIL based operational support and acts as a technical resource for the Active Directory infrastructure, including incident, change, and problem management
• Provides support of on premise and cloud-based equipment and configuration including but not limited to Domain Controllers, SaaS applications such as Azure Active Directory, O365, Okta, MIM, and Active Roles servers.
• Complete the key metric reporting and analysis for the Identity Management environment as required.
• Work to ensure audit tasks related to Identity Management are completed on time, with participation of appropriate parties
• Utilize industry best practices for appropriate standards, processes, procedures, tools, and documentation.
• Ensure the maintenance, patching, operating, and monitoring of IAM systems is in place and completed.
• Participate in on-call rotation, and as such, work out of standard business hours will occasionally be required
Bring your VIBE:
• Solid technical skills in the Identity Management space, including Active Directory 2008 through Active Directory 2016.
• Minimum of five years directly related experience in Identity & Access Management (IAM)
• A strong ability for troubleshooting and problem analysis is required, along with the ability to clearly communicate the results of problem analysis to business stakeholders, IT support teams, and network providers to quickly and effectively resolve operational issues.
• Experience troubleshooting, managing, and solving issues related to identities, systems, access, accounts, authentication, authorization, entitlements, and permissions
• Hands on experience of Active Directory operation and support including Active Directory Infrastructure components (FSMO roles), delegated administration, group policies, OU admin & Site replication, ADFS, Exchange operation and support including OWA, SMTP services, routing / costing
• Technical expertise in the following:
• Component services & areas: domain design, DDNS, DHCP, Activesync, Outlook client, Spam filtering, Virus services
• Relevant management & operational tooling: NetIQ Security & Application Manager, QUEST, Insight mgt and Microsoft Administration tools
• Directory Services, Directory services replication/synchronization, Kerberos, Active Directory compliance for Schema Extensions, DEA (Directory Enabled Applications), SMTP Query management, S-LDAP, AD integration security, federation services and Forest system context management for application services.
• Adept at PowerShell & VB scripting, regular expressions, policy management, etc. Additional experience in one or more scripting languages such as Python, Ansible, or JSON is a plus
• Customer service driven/focused with a proactive and positive can-do approach. Demonstrates commitment to organization’s policy framework and practices continuous improvement.
• Hands-on experience and skills with systems such as Skype for Business (on-prem, hybrid, and online), O365, and Service Now are required. Experience with ServiceNow orchestration into Active Directory & O365 is a plus.
• Experience with security protocols such as S-LDAP, SAML, WS-Federation, SCIM, OAuth, and OIDC
• Demonstrated current work experience supporting integrated IAM solutions such as Azure Active Directory, Active Roles, Duo, MIM, CyberArk, Okta, ForgeRock, PingFederate, and SiteMinder
• Demonstrated organizational skills, attention to detail and ability to work both independently and as part of a team.
• Solid written, oral, and interpersonal communications skills
• Bachelor’s Degree in Computer Science or Engineering or closely related field or comparable education and experience.
• Understanding of Microsoft Teams group/system policies, survivable branch appliances, unified messaging, and federation
• IT Certifications including MCSE Certification specialization in Identity Management, Certified Access Management Specialist (CAMS), and ITIL Foundations certifications desired
• International experience beneficial; multiple language skills a plus
• Competitive Compensation Package including Salary, Benefits and Generous 401k Savings Plan
• Paid Time Off – Paid Holidays, “Gift Week”, Summer Fridays
• Student Loan Repayment Assistance
• Employee Developmental Support
• Annual Gym Reimbursement Package
• Pet Insurance, plus much more!
Universal Music Group is an Equal Opportunity Employer.