Application Security Engineer

2 Weeks ago • 3-7 Years • Cyber Security • $140,305 PA - $170,225 PA

Job Summary

Job Description

UMG seeks an Application Security Engineer with extensive product security experience and expertise in web security, applied cryptography, and IAM solutions. Responsibilities include performing design reviews, technical security assessments, code reviews, threat modeling, and providing remediation support. The role requires strong communication skills and collaboration with various teams. The engineer will design and implement security best practices, build automation tools, and stay updated on industry advancements. This position requires both deep and broad technical knowledge across a range of disciplines, and the ability to work hands-on across a wide variety of software designs and technology stacks.
Must have:
  • Web security expertise
  • Applied cryptography knowledge
  • IAM solutions experience
  • Software security standards knowledge
  • Code review and design review skills
  • Threat modeling experience
  • AWS or other cloud experience
  • 3+ years software development experience
Good to have:
  • Bachelor's degree in relevant field
  • Experience with Docker, Terraform, Kubernetes
  • Agile development experience
  • Experience with regulatory requirements
  • Experience securing operating systems and networks
  • Experience with automation tools (Ansible, Chef, Puppet, Jenkins)
  • Experience with automated application testing tools
Perks:
  • Comprehensive medical, dental, vision benefits
  • 100% coverage for outpatient mental health
  • Wellbeing reimbursements
  • Student loan repayment assistance
  • 401(k) match
  • Flexible PTO
  • Paid parental leave
  • Summer Fridays
  • Paid Winter Break

Job Details

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
 

How you’ll LEAD:

Our team is looking for a Application Security Engineer with extensive product security experience and deep expertise in web security, applied cryptography, software security vulnerabilities, knowledge of IAM solutions including federation as well as superb knowledge of software security standards/best practices to join our team.

We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

You will be the technical subject matter expert for multiple areas of application and product security. You will be responsible for performing design reviews, technical security assessments, and code reviews to highlight risk and help engineering teams improve the overall security of our products. You will be a security leader within the company, gaining a solid understanding of our products and systems, and ensuring that security is built in. This position requires both deep and broad technical knowledge across a range of disciplines, and the ability to work hands-on across a wide variety of software designs and technology stacks.

In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Perform design reviews and technical security assessments to highlight risk and help engineering teams improve the overall security of our products.
  • Design and implement security best practices and standards across varied engineering teams and environments.
  • Implement and conduct code reviews with a combination of static testing, manual reviews, and dynamic analysis / pen-testing.
  • Conduct threat modelling, identify & drive risk decisions, and influence technical designs and architectures.
  • Engage with developers to provide remediation support.
  • Perform security reviews of new services and features.
  • Build tools to simplify and automate Vulnerability Management processes
  • Providing engineering designs to mitigate security vulnerabilities in new software solutions.
  • Design and implement tooling and automation for application security (e.g. SAST/DAST in CI/CD).
  • Performing regular security testing as well as code reviews for improving the software security.
  • Maintaining technical documentation related to software security.
  • Ensuring software security at all levels of the architecture.
  • Staying updated with latest tools and advanced industry practices for software security.
  • Advocate for security culture and educate colleagues across all parts of UMG.

Bring your VIBE:

Essential:

  • Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
  • Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols
  • Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
  • Strong experience in web security and federation protocols (SSL/TLS, REST, OAuth, SAML, LDAP-S, SAML, WS-Federation, SCIM, OAuth, and OIDC, XSS, etc.)
  • Experience working with AWS or other cloud environments (development/architecture)
  • Experience with cloud and web application security standards (OWASP ASVS, SANS 25, etc.)
  • Understanding beyond the OWASP Top 10 by explaining the level of risk to the business.
  • 3+ years of experience in software development in one or more of the following programming languages, .NET, Python, Java, JavaScript (Node/React), and/or Go
  • Comfortable with tools like Snyk.io, BluBracket, NoName Api security, Burp Suite, OWASP ZAP, CheckMarx, Veracode, App Spider etc.
  • A deep interest in knowing latest industry advancements in software security along with implementing them.
  • An analytical mind with a problem-solving attitude
  • Excellent organizational and communication skills

Desirable:

  • A Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity, Information Security, or a related technical field.
  • 7+ years of hands-on technical experience.
  • Experience in Docker, Terraform, Kubernetes.
  • Experience working in an Agile development environment.
  • Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.
  • Experience securing operating systems, networks, and low-level infrastructure.
  • Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.

Plus:

  • Experience with automation tools like Ansible, Chef, Puppet, Jenkins
  • Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
  • Experience with Web Application Firewalls (WAF)
  • Knowledge of AD/Azure AD and Azure AD B2B/ B2C , Okta
  • Multiple language skills

#LI-remote

Perks Playlist:

  • Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit

  • Comprehensive medical, dental, vision, and FSA options, as well as:

    • 100% coverage for out-patient mental health services

    • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

    • A lifetime fertility support allowance of $30,000 to plan participants

    • Student Loan Repayment Assistance and Tuition Reimbursement

    • 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation

  • Variety of ways to prioritize much-needed time away from work including:

    • Flexible Paid Time Off (PTO) for exempt employees

    • 3-weeks PTO for non-exempt employees

    • 2-weeks paid Winter Break

    • 10 Company Holidays (including Juneteenth and Wellbeing Day)

    • Summer Fridays (between Memorial Day and Labor Day)

    • Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish


Job Category:

Technology

Salary Range:

$140,305 - $170,225

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job.  All candidates are encouraged to apply.

Similar Jobs

Wind River Systems - Star Lab - Principal Technologist - Embedded Security Professional Services

Wind River Systems

United States (On-Site)
6 Months ago
Animoca Brands - Senior Blockchain /Smart Contract Architect

Animoca Brands

Hong Kong (Hybrid)
7 Months ago
Evolution - IT Security Engineer (Red team)/ Penetration tester

Evolution

Sofia, Sofia City Province, Bulgaria (On-Site)
5 Months ago
ByteDance - Research Scientist, Data Management and Security - Infrastructure System Lab

ByteDance

Seattle, Washington, United States (On-Site)
2 Weeks ago
Progres - Product Security Engineer, Principal

Progres

Hyderabad, Telangana, India (Hybrid)
9 Months ago
ION - Senior Security Architect

ION

Pisa, Tuscany, Italy (On-Site)
6 Months ago
Larian Studios - Lead Security & Network Engineer

Larian Studios

Warsaw, Masovian Voivodeship, Poland (On-Site)
1 Month ago
Google - Security Engineer, Operations and Security Implementation

Google

Reston, Virginia, United States (On-Site)
2 Weeks ago
PwC - Cloud Security | Manager | Cyber Security | Technology Consulting

PwC

Dublin, County Dublin, Ireland (On-Site)
7 Months ago
Google - Senior Cloud Security Architect

Google

Dubai, Dubai, United Arab Emirates (On-Site)
2 Days ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Fortanix - Manager, Product Support Engineering

Fortanix

Bengaluru, Karnataka, India (Hybrid)
5 Months ago
NVIDIA - Tegra Software Engineer (RDSS Intern)

NVIDIA

Taipei City, Taiwan (On-Site)
3 Months ago
Google - Staff Software Engineer, Security/Privacy, Formal Verification

Google

Seattle, Washington, United States (On-Site)
2 Weeks ago
ION - Cyber Security Analyst, Italy

ION

Pisa, Tuscany, Italy (On-Site)
6 Months ago
Argus Labs - Software Engineer (Junior/Fresh Graduate)

Argus Labs

Indonesia (Remote)
1 Month ago
NXP - Student Internships - Initiative Application (m/f/d)

NXP

Gratkorn, Styria, Austria (On-Site)
7 Months ago
KBG Blockchain Game Studios - Blockchain Developer (BSC)

KBG Blockchain Game Studios

Thành Phố Hồ Chí Minh, Vietnam (On-Site)
9 Months ago
Fortanix - Engineering Manager - Clients

Fortanix

Bengaluru, Karnataka, India (Hybrid)
2 Weeks ago
ByteDance - Senior Security Software Architect - Security Engineering - San Jose

ByteDance

San Jose, California, United States (On-Site)
4 Months ago
Gala games - DeFI Product Manager

Gala games

Kentfield, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Jobs in Santa Monica, California, United States

ByteDance - Research Scientist Graduate (Foundation Model - Generative AI) - 2025 Start (PhD)

ByteDance

San Jose, California, United States (On-Site)
4 Months ago
Outbrain - Insights Manager

Outbrain

Los Angeles, California, United States (Hybrid)
22 Hours ago
Google - Industry Architect, Education and Research, Public Sector

Google

Sunnyvale, California, United States (On-Site)
2 Days ago
Falcon X - FP&A Senior Associate

Falcon X

San Mateo, California, United States (Hybrid)
1 Day ago
Google - Technical Program Manager II, Capacity Delivery, Cloud Networking

Google

Thornton, Colorado, United States (On-Site)
2 Days ago
Luxoft - Senior SAP BTP Platform Engineer

Luxoft

Poland, Ohio, United States (Remote)
4 Months ago
Samsung Semiconductor - Staff Engineer, Design Verification

Samsung Semiconductor

San Jose, California, United States (On-Site)
1 Month ago
On Location - Coordinator, Ticketing and Event Operations - FIFA World Cup 26™

On Location

Austin, Texas, United States (Remote)
2 Months ago
Next Level Business Services - SAP PO Consultant

Next Level Business Services

Santa Clara, California, United States (On-Site)
6 Months ago
Meta - Global Sales Analytics Lead

Meta

San Francisco, California, United States (Remote)
5 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

ION - IT Internal Auditor, Italy

ION

Italy (Hybrid)
6 Months ago
Saviynt - Product Manager, Non-human Identities

Saviynt

El Segundo, California, United States (Remote)
6 Months ago
Trend Micro - Sr. Engineer

Trend Micro

Taipei City, Taiwan (On-Site)
7 Months ago
PwC - Assistant Manager - System and Process Assurance

PwC

Colombo, Western Province, Sri Lanka (On-Site)
7 Months ago
ION - Network Security Engineer

ION

Collecchio, Emilia-Romagna, Italy (Hybrid)
6 Months ago
Google - Software Engineer III, Security/Privacy, Google Cloud Compute Infrastructure

Google

Kirkland, Washington, United States (On-Site)
2 Weeks ago
Trend Micro - Automotive Research Engineer - Threat Intelligence & Content Creation (VicOne)

Trend Micro

Taipei City, Taiwan (On-Site)
7 Months ago
Google - Security Engineer, Endpoint Platforms Security, Core

Google

Hyderabad, Telangana, India (On-Site)
2 Weeks ago
PwC - Cloud Security | Manager | Cyber Security | Technology Consulting

PwC

Dublin, County Dublin, Ireland (On-Site)
7 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Los Angeles, California, United States (On-Site)

Santa Monica, California, United States (On-Site)

New York, New York, United States (On-Site)

Los Angeles, California, United States (On-Site)

Santa Monica, California, United States (On-Site)

California, United States (Remote)

Santa Monica, California, United States (On-Site)

New York, New York, United States (On-Site)

New York, New York, United States (On-Site)

Nashville, Tennessee, United States (On-Site)

View All Jobs

Get notified when new jobs are added by Universal Music

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug