PitchMeAI
Universal Music Group

Network Security Engineer (Firewall & NAC)

Universal Music Group · Sydney, New South Wales, Australia

This listing has closed — view similar roles below.

  • On site
  • Full-time
  • $120,000 / year
  • Sydney, New South Wales, Australia

Job highlights

  • Design and operate enterprise firewall and NAC solutions.
  • Implement Zero Trust and least-privilege security.
  • Standardize firewall platforms and configurations.
  • Manage Network Access Control strategy and policy.
  • Own network security logging and SIEM integration.

About the role

Network Security Engineer (Firewall & NAC)

The Role UMG is seeking an experienced Network Security Engineer (Firewall & NAC) to join our Global Network Infrastructure team. This role plays a critical part in UMG’s Global Security and Cybersecurity strategy by designing, standardizing, and operating enterprise firewall and perimeter security platforms. The ideal candidate will have deep hands-on experience with next-generation firewall technologies, a strong focus on security standardization, and the ability to partner closely with Cybersecurity and Infrastructure teams in a global enterprise environment. Key Responsibilities
  • Design, deploy, and support enterprise firewall and perimeter security solutions
  • Build, implement and maintain security controls aligned with Zero Trust and least-privilege principles
  • Lead standardization efforts across firewall platforms and configurations
  • Define and maintain Network Access Control (NAC) strategy, standards, and architectures (Cisco ISE) to support secure enterprise access.
  • Design, implement, and operationalize NAC policy including authentication/authorization, device profiling, and identity-based segmentation enforcement.
  • Own network security logging and telemetry strategy for firewall and NAC controls, including log scope, retention, access controls, and audit readiness.
  • Design and implement logging methods and systems (e.g., syslog, API-based ingestion, cloud-native logging) to onboard network security events into the enterprise SIEM for monitoring and incident response.
  • Partner with the SOC to define alerts, dashboards, and investigation workflows based on firewall and NAC security logs.
  • Perform security assessments and contribute to risk reduction initiatives
  • Serve as an escalation point for complex firewall and network security issues
  • Maintain network security standards documentation, configuration standards, and operational runbooks
  • Participate in technology evaluations and security architecture reviews
  • Ensure adherence to change, incident, and problem management processes
Qualifications Required:
  • 5+ years of overall IT experience
  • 3+ years in firewall or network security engineering roles
  • Experience with firewall concepts and implementations, preferably Palo Alto Networks firewalls.
  • Experience with Network Access Control (NAC) concepts and implementations, preferably Cisco Identity Services Engine (ISE).
  • Working knowledge of AAA and secure access methods including 802.1X and RADIUS/EAP; familiarity with certificate-based authentication and PKI dependencies.
  • Experience designing and operating security logging for network security controls, including log source onboarding, normalization, retention, and integration with SIEM platforms.
  • Solid understanding of IP networking, routing, and security fundamentals
  • Experience working in large, global, or regulated environments
  • Strong communication and documentation skills
Preferred:
  • Security certifications such as CCNP Security, PCNSE, or equivalent
  • Familiarity with Zero Trust, network segmentation, and security governance frameworks
  • Experience supporting audits, compliance, or regulatory requirements
Universal Music Group is an Equal Opportunity Employer.  Diversity & Inclusion At Universal Music we are committed to fostering diversity and inclusivity as an equal opportunity employer. We encourage applicants from all backgrounds to apply for our roles regardless of their gender, race, ethnicity, nationality, age, sexual orientation, gender identity, intersex status, marital or family status, neurodiversity, religion or belief, disabilities, or socio-economic background. We also encourage people from all cultural backgrounds to apply, including First Nations people. It is through our diversity and inclusivity that we bring together different perspectives, enhancing our creative and evolving workplace. Music is Universal. Disclaimer The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable. However, the business operates in an environment that demands change and the jobholder's specific responsibilities and activities will vary and develop. Therefore, the job description should be seen as indicative and not as a permanent, definitive and exhaustive statement. Job Category: Technology Key skills/competency
  • Network Security Engineer
  • Firewall
  • NAC
  • Palo Alto Networks
  • Cisco ISE
  • Zero Trust
  • Cybersecurity
  • SIEM
  • Network Access Control
  • IT Security

Skills & topics

  • Network Security Engineer
  • Firewall
  • NAC
  • Palo Alto Networks
  • Cisco ISE
  • Zero Trust
  • Cybersecurity
  • SIEM
  • Network Access Control
  • IT Security
  • Network Infrastructure
  • Security Architecture
  • Security Controls
  • Log Management
  • Incident Response
  • Global Security
  • IT Experience
  • Security Engineering
  • RADIUS
  • 802.1X

How to get hired

  • Research UMG: Understand Universal Music Group's global impact and commitment to diversity.
  • Tailor Your Resume: Highlight your 5+ years IT and 3+ years network security experience.
  • Showcase Firewall & NAC Skills: Emphasize Palo Alto Networks, Cisco ISE, and Zero Trust expertise.
  • Prepare for Technical Questions: Be ready to discuss IP networking, AAA, and SIEM integration.
  • Demonstrate Communication: Highlight strong documentation and collaboration skills for a global role.

Technical preparation

Master firewall concepts and Palo Alto Networks.,Implement and manage Cisco ISE for NAC.,Configure AAA, 802.1X, RADIUS, and EAP.,Set up security logging and SIEM integration.

Behavioral questions

Describe a complex security issue you resolved.,How do you standardize security across platforms?,Explain your experience with Zero Trust principles.,How do you collaborate with cybersecurity teams?

Frequently asked questions

What are the key technical skills required for the Network Security Engineer role at Universal Music Group?
The Network Security Engineer role at Universal Music Group requires strong experience with enterprise firewall technologies (preferably Palo Alto Networks) and Network Access Control (NAC) solutions, specifically Cisco ISE. You should also have a solid understanding of IP networking, AAA, 802.1X, RADIUS, and SIEM integration for security logging.
What is the experience level expected for this Network Security Engineer position at UMG?
Universal Music Group is looking for candidates with a minimum of 5 years of overall IT experience, with at least 3 of those years focused specifically on firewall or network security engineering roles. Experience in large, global, or regulated environments is also highly valued.
How does Universal Music Group approach security, and what frameworks are important for this role?
UMG emphasizes a Global Security and Cybersecurity strategy that includes designing, standardizing, and operating enterprise firewall and perimeter security platforms. Key frameworks and principles for this role include Zero Trust and least-privilege access, aligning with secure enterprise access and identity-based segmentation.
What kind of documentation and communication skills are needed for the Network Security Engineer at UMG?
Strong communication and documentation skills are essential. You will be responsible for maintaining network security standards documentation, configuration standards, and operational runbooks. The ability to partner effectively with Cybersecurity, Infrastructure, and SOC teams in a global enterprise is also crucial.
Are there specific certifications that are beneficial for the Network Security Engineer role at Universal Music Group?
While not strictly required, Universal Music Group prefers candidates with security certifications such as CCNP Security, PCNSE, or equivalent. Familiarity with security governance frameworks and experience supporting audits or compliance requirements are also considered advantageous.
What is the role of Network Access Control (NAC) in this position at UMG?
The Network Security Engineer will define and maintain UMG's NAC strategy, standards, and architectures, with a preference for Cisco ISE. This includes designing, implementing, and operationalizing NAC policies for secure enterprise access, device profiling, and identity-based segmentation.
How is security logging and SIEM integration handled in this role at Universal Music Group?
This role owns the network security logging and telemetry strategy for firewall and NAC controls. You will design and implement logging methods to onboard security events into the enterprise SIEM for monitoring, incident response, and to partner with the SOC for alert definition and investigation workflows.