NBCUniversal
Join to apply for the
IAM and Security Services Architect
role at
NBCUniversal .
Company Description
NBCUniversal is one of the world’s leading media and entertainment companies, creating world‑class content across film, television, and streaming while operating theme parks and consumer experiences. We own and operate leading brands such as NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock.
Subsidiaries include Universal Filmed Entertainment Group, Universal Studio Group, and Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Job Description
The IAM and Security Services Architect will be a key member of the new Versant Cyber organization, designing and leading enterprise‑scale identity and security solutions. The role defines architecture for IAM, IGA, PAM, PKI, and broader security services, ensuring protection for applications, data, networks, and systems across cloud and on‑prem environments.
Responsibilities
Define IAM and security services architecture roadmap, standards, and reference models.
Architect identity solutions using Entra ID/Azure AD, Ping, Okta, CyberArk, SailPoint, and related tools.
Design authentication, SSO, federation, MFA, adaptive access, and privileged access solutions.
Integrate IAM with cloud providers (AWS, Azure, GCP) and enterprise SaaS applications.
Embed IAM and security services into DevSecOps pipelines and application development.
Define logging and monitoring standards for IAM and security events, integrating with SIEM platforms.
Architect solutions that secure applications, data, networks, and systems in hybrid environments.
Conduct security architecture reviews, threat modeling, and design assessments.
Partner with engineering and operations teams to deliver scalable, resilient security services.
Ensure compliance with regulatory frameworks (SOX, PCI, GDPR, CCPA, etc.).
Qualifications
10+ years in cybersecurity, with 5+ years in IAM and security architecture.
Deep expertise in IAM platforms (Azure AD/Entra, Ping, Okta, SailPoint, CyberArk, etc.).
Strong experience in IGA, PAM, MFA, PKI, and identity lifecycle management.
Proven ability to design secure architectures for applications, data, networks, and systems.
Application security experience, including authentication/authorization, API security, SSO/MFA, microservices, and SaaS integration.
Data security experience, including encryption, key management, access control, data classification, and compliance alignment.
Network security expertise, including segmentation, firewall/IDS/IPS, VPNs, Zero Trust networking, and traffic monitoring.
Systems security knowledge, including endpoint hardening, privileged access, patching, baselining, and OS‑level monitoring.
Hands‑on knowledge of cloud IAM (AWS, Azure, GCP) and hybrid enterprise environments.
Experience with Zero Trust models and identity‑driven access strategies.
Strong background in API security, certificate/key management, and service account governance.
Excellent communication, collaboration, and stakeholder influence skills.
Desired Characteristics
Previous experience in multiple large, complex environments, specifically within Identity and/or Security Engineering.
Experience in media and advanced technology industries.
Certifications such as CISSP, CCSP, GIAC (GDSA/GSNA), Microsoft Identity Architect, or Ping Identity.
Background in automation, scripting, and DevSecOps practices.
Master’s Degree in an IT‑related field.
Additional Requirements
Fully Remote: This position has been designated as fully remote.
Salary range: $145,000 - $175,000 (bonus eligible)
We are accepting applications for this position on an ongoing basis.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
Industries
Broadcast Media Production and Distribution
Entertainment Providers
Media Production
The following information holds only if you are a qualified individual. NBCUniversal complies with all applicable co‑state, federal, and foreign anti‑discrimination laws.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability.
Please contact AccessibilitySupport@nbcuni.com for assistance.
Reasonable accommodations will be provided in a timely manner. NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, or any other protected class.
Participation in our selection process may involve an in‑person interview at an NBCUniversal location.
For LA County and City Residents only: NBCUniversal will consider for employment qualified applicants with criminal histories or records of arrest or conviction, consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative for Hiring Ordinance and Los Angeles County Fair Chance Ordinance for Employers.
#J-18808-Ljbffr
IAM and Security Services Architect
role at
NBCUniversal .
Company Description
NBCUniversal is one of the world’s leading media and entertainment companies, creating world‑class content across film, television, and streaming while operating theme parks and consumer experiences. We own and operate leading brands such as NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock.
Subsidiaries include Universal Filmed Entertainment Group, Universal Studio Group, and Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Job Description
The IAM and Security Services Architect will be a key member of the new Versant Cyber organization, designing and leading enterprise‑scale identity and security solutions. The role defines architecture for IAM, IGA, PAM, PKI, and broader security services, ensuring protection for applications, data, networks, and systems across cloud and on‑prem environments.
Responsibilities
Define IAM and security services architecture roadmap, standards, and reference models.
Architect identity solutions using Entra ID/Azure AD, Ping, Okta, CyberArk, SailPoint, and related tools.
Design authentication, SSO, federation, MFA, adaptive access, and privileged access solutions.
Integrate IAM with cloud providers (AWS, Azure, GCP) and enterprise SaaS applications.
Embed IAM and security services into DevSecOps pipelines and application development.
Define logging and monitoring standards for IAM and security events, integrating with SIEM platforms.
Architect solutions that secure applications, data, networks, and systems in hybrid environments.
Conduct security architecture reviews, threat modeling, and design assessments.
Partner with engineering and operations teams to deliver scalable, resilient security services.
Ensure compliance with regulatory frameworks (SOX, PCI, GDPR, CCPA, etc.).
Qualifications
10+ years in cybersecurity, with 5+ years in IAM and security architecture.
Deep expertise in IAM platforms (Azure AD/Entra, Ping, Okta, SailPoint, CyberArk, etc.).
Strong experience in IGA, PAM, MFA, PKI, and identity lifecycle management.
Proven ability to design secure architectures for applications, data, networks, and systems.
Application security experience, including authentication/authorization, API security, SSO/MFA, microservices, and SaaS integration.
Data security experience, including encryption, key management, access control, data classification, and compliance alignment.
Network security expertise, including segmentation, firewall/IDS/IPS, VPNs, Zero Trust networking, and traffic monitoring.
Systems security knowledge, including endpoint hardening, privileged access, patching, baselining, and OS‑level monitoring.
Hands‑on knowledge of cloud IAM (AWS, Azure, GCP) and hybrid enterprise environments.
Experience with Zero Trust models and identity‑driven access strategies.
Strong background in API security, certificate/key management, and service account governance.
Excellent communication, collaboration, and stakeholder influence skills.
Desired Characteristics
Previous experience in multiple large, complex environments, specifically within Identity and/or Security Engineering.
Experience in media and advanced technology industries.
Certifications such as CISSP, CCSP, GIAC (GDSA/GSNA), Microsoft Identity Architect, or Ping Identity.
Background in automation, scripting, and DevSecOps practices.
Master’s Degree in an IT‑related field.
Additional Requirements
Fully Remote: This position has been designated as fully remote.
Salary range: $145,000 - $175,000 (bonus eligible)
We are accepting applications for this position on an ongoing basis.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
Industries
Broadcast Media Production and Distribution
Entertainment Providers
Media Production
The following information holds only if you are a qualified individual. NBCUniversal complies with all applicable co‑state, federal, and foreign anti‑discrimination laws.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability.
Please contact AccessibilitySupport@nbcuni.com for assistance.
Reasonable accommodations will be provided in a timely manner. NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, or any other protected class.
Participation in our selection process may involve an in‑person interview at an NBCUniversal location.
For LA County and City Residents only: NBCUniversal will consider for employment qualified applicants with criminal histories or records of arrest or conviction, consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative for Hiring Ordinance and Los Angeles County Fair Chance Ordinance for Employers.
#J-18808-Ljbffr