Sr. Cyber Security Log Management Engineer

Tech Remote, United States Req. UMG-5146


We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation, and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute, and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

How we LEAD: 

The Cybersecurity Engineer reports to the Senior Vice President, Security Operations. The candidate must be a highly motivated individual with experience working with security solutions in an enterprise environment. This position manages vendors that provide incident response services, and provides network and system forensics in support of investigations and global security incident response activities. This position works closely with technology teams, application teams, and business units. This role will allow learning and growth on various security technologies. The Cybersecurity Engineer will support other efforts in the SecOps & Business Resiliency team and work closely with other team members in the Global Security Office (GSO).

How you’ll CREATE:  

The Cybersecurity Engineer role is part of the Security Operations team that will manage, maintain, design, configure, and document security tools, systems, and processes including, but not limited to, the following:

  • Sustain and refine the enterprise security logging system
  • Lead SIEM onboarding, integration, administration, maintenance, and documentation of SIEM technology components
  • Provide architectural direction, documentation, and oversight of SIEM including but not limited to log collection, aggregation, indexing, search, alerting, and integrations
  • Manage SIEM access lifecycle activities including account creation, modification, and deletion
  • Manage and ensure the lifecycle, availability, and recoverability of the SIEM ecosystem
  • Manage implementation of product enhancement adoption and integration into operations
  • Create and provide oversight for rule creation to generate actionable security alerts, meet audit requirements, conduct incident response investigations, and manage visibility into threats
  • Assist the SecOps team with administration of security tools and technologies
  • Assist the SecOps team with maintaining security systems (Linux, Windows, etc.)
  • Collect and review system and application security logs from all systems (firewalls, OS, email, IDS, Splunk, etc.) and take action to mitigate any threats based on findings
  • Conduct log analysis across a diverse ecosystem of technology (operating systems, internally developed web apps, software-as-a-service apps, cloud infrastructure)
  • Ensure compliance with internal policies, standards, and regulatory requirements
  • Perform forensics activities and root cause analysis
  • Participate in the design/architecture, development, and implementation of any new application or service
  • Automate and integrate workflows between and within the SIEM, big data platforms, threat & vulnerability intelligence ingestion and information security incident response system
  • Automate triage, analysis, response, and remediation tasks and processes with code, APIs, and SOAR tools. Contribute to the creation and tuning of detection rules.
  • Participate in the security operations on-call rotation
  • Perform other duties as assigned
  • Lead projects, planning, controlling, executing, and closing assigned projects to produce required deliverables

Bring your VIBE:

  • Proficient in various SIEM technology administration, architecture, and engineering
  • Excellent analytical and problem-solving skills
  • Solid understanding of and interest in recognized information security standards, analysis frameworks (MITRE ATT&CK, Kill Chain, NIST Incident Response, etc.), and technologies
  • Knowledge about exploits, vulnerabilities, network attacks
  • Excellent written and oral communication skills
  • Self-motivated, detail-oriented with analytical and interpersonal skills
  • Good working knowledge of security operations, safety practices in a business environment, and enforcement of procedures
  • Ability to work under pressure and handle multiple projects with tight deadlines across a global enterprise
  • Knowledge about vulnerability scanners and application scanners
  • Proficient with Linux administration
  • Ability to construct basic Boolean logic and regex search strings; scripting in Python and Linux shell is a plus
  • Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems
  • Excellent time management and organizational skills
  • 3+ years of systems engineering experience and cybersecurity work, preferably in an entertainment industry
  • 3+ years’ experience in SIEM technology administration, architecture, and engineering
  • Experience monitoring and responding to security incidents involving traditional (Windows, Mac, Linux) and cloud-based infrastructure (AWS, GCP, and/or Azure)
  • Strong interpersonal skills, communication (oral and written), and presentation skills
  • Proficient in Microsoft Office products (Word, Excel, PowerPoint)
  • Experience with log collection for containers such as Docker or Kubernetes
  • Minimum 2 years of Python and Linux shell scripting experience
  • Four-year degree, industry certification, or work equivalent
  • Splunk certifications a plus

Perks Playlist:

  • Competitive Compensation Package including Salary, Benefits and Generous 401k Savings Plan
  • Paid Time Off – Paid Holidays, “Gift Week”, Summer Fridays
  • Student Loan Repayment Assistance
  • Employee Developmental Support
  • Annual Gym Reimbursement Package
  • Pet Insurance, plus much more!

Universal Music Group is an Equal Opportunity Employer

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change