About the position
UMG is seeking an experienced Network Security Engineer (Firewall & NAC) to join our Global Network Infrastructure team. This role plays a critical part in UMG’s Global Security and Cybersecurity strategy by designing, standardizing, and operating enterprise firewall and perimeter security platforms. The ideal candidate will have deep hands-on experience with next-generation firewall technologies, a strong focus on security standardization, and the ability to partner closely with Cybersecurity and Infrastructure teams in a global enterprise environment.
Responsibilities
• Design, deploy, and support enterprise firewall and perimeter security solutions
• Build, implement and maintain security controls aligned with Zero Trust and least-privilege principles
• Lead standardization efforts across firewall platforms and configurations
• Define and maintain Network Access Control (NAC) strategy, standards, and architectures (Cisco ISE) to support secure enterprise access.
• Design, implement, and operationalize NAC policy including authentication/authorization, device profiling, and identity-based segmentation enforcement.
• Own network security logging and telemetry strategy for firewall and NAC controls, including log scope, retention, access controls, and audit readiness.
• Design and implement logging methods and systems (e.g., syslog, API-based ingestion, cloud-native logging) to onboard network security events into the enterprise SIEM for monitoring and incident response.
• Partner with the SOC to define alerts, dashboards, and investigation workflows based on firewall and NAC security logs.
• Perform security assessments and contribute to risk reduction initiatives
• Serve as an escalation point for complex firewall and network security issues
• Maintain network security standards documentation, configuration standards, and operational runbooks
• Participate in technology evaluations and security architecture reviews
• Ensure adherence to change, incident, and problem management processes
Requirements
• 5+ years of overall IT experience
• 3+ years in firewall or network security engineering roles
• Experience with firewall concepts and implementations, preferably Palo Alto Networks firewalls.
• Experience with Network Access Control (NAC) concepts and implementations, preferably Cisco Identity Services Engine (ISE).
• Working knowledge of AAA and secure access methods including 802.1X and RADIUS/EAP; familiarity with certificate-based authentication and PKI dependencies.
• Experience designing and operating security logging for network security controls, including log source onboarding, normalization, retention, and integration with SIEM platforms.
• Solid understanding of IP networking, routing, and security fundamentals
• Experience working in large, global, or regulated environments
• Strong communication and documentation skills
Nice-to-haves
• Security certifications such as CCNP Security, PCNSE, or equivalent
• Familiarity with Zero Trust, network segmentation, and security governance frameworks
• Experience supporting audits, compliance, or regulatory requirements
Benefits
• Comprehensive medical, dental, and vision coverage
• Including 100% coverage for out-patient in-network mental health services
• Fertility coverage for eligible medical plan participants
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
• Student Loan Repayment Assistance and Tuition Reimbursement
• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
• A variety of ways to prioritize much-needed time away from work including:
• Flexible Paid Time Off (PTO) for exempt employees
• 3-weeks PTO for non-exempt employees
• 2-weeks paid Winter Break
• 10 Company Holidays (including Juneteenth and Wellbeing Day)
• Summer Fridays (between Memorial Day and Labor Day)
• Generous paid parental leave for every type of parent