Sr. Security Engineer

Tech; Los Angeles, California; Remote, United States; Req. UMG-5140


We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

How we LEAD: 

This role is responsible for assessing and assuring the security and integrity of Universal Music Group’s applications and the environments where they’re built and reside. The Global Security Office partners with all business units enterprise-wide, as well as with product and engineering throughout the software development lifecycle, to ensure applications are designed and built securely.

How you’ll CREATE:

  • Develop and refine application security best practices to standardize security practices
  • Provide security guidance for the organization to protect critical assets and data
  • Lead Information Security planning processes to enhance a comprehensive Information Security program for the entire organization.
  • Provide guidance and counsel to management and other staff regarding all aspects of Information Security.
  • Lead and contribute to threat modeling processes
  • Lead efforts to internally assess, evaluate and make recommendations regarding the adequacy of the security controls for the organization's information and technology systems.
  • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
  • Work with software development teams to integrate automated security testing mechanisms
  • Contribute to education and awareness programs and advise staff at all levels on security issues, best practices, and vulnerabilities
  • Interpret security tools and penetration testing results and describe issues and fixes to developers
  • Provide vulnerability remediation guidance and mentoring to product development software engineers
  • Build metrics to track security defects and automate collection of security information to derive metrics
  • Enable automation of product security testing and find innovative ways to scale the security team
  • Evaluate new technologies, tools, and/or development techniques that impact security
  • Conduct security assessments as needed
  • Other duties as assigned

Bring your VIBE:

  • 2+ years of experience developing on web and mobile and API platforms
  • 2+ years reviewing source code, using security testing tools, and modeling web and mobile applications
  • Ability to communicate security related topics effectively with business representatives
  • Technical experience with enterprise level directory/messaging services (Active Directory, O365, SharePoint, etc.) implementation and operations
  • Cloud Security and Architecture related certifications (VMware, MS Azure, GCP, AWS) are a plus
  • Familiarity with popular cloud services offered by AWS, GCP, and Azure Cloud platforms.
  • Candidates must be able to explain vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 to any audience, and discuss effective defensive techniques
  • Understanding of modern web application frameworks such as SPA, front-end and back-end technologies
  • Deep understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
  • Familiarity with dynamic and static security analysis tools
  • Deep understanding of continuous integration / continuous deployment processes and tools
  • Ability to interpret dynamic/static analysis tools, and penetration test results and describe issues and fixes to non-security experts
  • Ability to automate tasks using a scripting language (Python, Ruby, etc.)
  • Ability to program in Python; experience with a compiled language such as golang or C is a plus
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
  • Humble expert with a sense of urgency
  • Team focus with an ability to work in a matrixed organization

Perks Playlist:

  • Competitive Compensation Package including Salary, Benefits and Generous 401k Savings Plan
  • Paid Time Off – Paid Holidays, “Winter Break”, Summer Fridays
  • Student Loan Repayment Assistance
  • Employee Developmental Support
  • Annual Gym Reimbursement Package
  • Pet Insurance, plus much more!

Universal Music Group is an Equal Opportunity Employer

All UMG employees are currently required to be fully vaccinated against COVID-19 before entering any Company offices unless they have been approved for an exemption or unless prohibited by applicable law.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.