Principal Application Security Engineer

2 Months ago • 8 Years + • Cyber Security • $164,325 PA - $200,605 PA

Job Summary

Job Description

The Principal Application Security Engineer at UMG will lead the protection of digital applications and software. Responsibilities include detecting, mitigating, and responding to application security threats, performing penetration and application security testing (pre/post-release and 3rd party), and collaborating with various teams. The role requires strong technical skills, excellent communication, and the ability to work effectively in a global environment. This involves identifying and mitigating attack vectors, analyzing application strengths/weaknesses, developing exploits, reporting findings, providing security expertise, and strengthening API security. The engineer will also harden software supply chains, integrate automated security into CI/CD, and contribute to security training and policy.
Must have:
  • 8+ years in Application Security
  • Knowledge of application-layer attacks
  • Experience with SAST, DAST, SCA tools
  • Secure software supply chain experience
  • Excellent communication skills
Good to have:
  • Experience with media streaming security
  • Digital Rights Management (DRM) experience
  • Anti-piracy experience
Perks:
  • Comprehensive medical, dental, vision
  • Wellbeing reimbursements
  • Student loan repayment assistance
  • 401(k) match
  • Flexible PTO
  • Paid parental leave

Job Details

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
 

How you’ll LEAD:

Our team is looking for a Principal Application Security Engineer to lead the protection and defense of our digital applications and software ecosystem.  This role will focus on detecting, mitigating, and responding to application security threats, ensuring that our applications and services remain resilient against cyber threats.  In addition, they will focus on penetration and application security testing concentrating on pre-release, post-release, and 3rd party applications.

We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

In addition to having strong technical skills, you must be comfortable in effectively communicating with business leadership, our software development community, technical IT teams, and business partners, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Defend UMG applications by identifying and mitigating real-world attack vectors, including OWASP Top 10, API abuse, and software supply chain risks;
  • Conduct analysis and testing to verify the strengths and weaknesses of applications in various environments, utilizing commercial and open-source tooling;
  • Develop exploits based on assessments and/or ability to make modifications on existing exploits;
  • Identify and clearly articulate (written and verbal) findings to stakeholders;
  • Provide subject matter expertise with application security, advising the organization on best practices and emerging security threats;
  • Strengthen API security by enforcing authentication, rate-limiting, and anomaly detection against abuse and fraud;
  • Harden software supply chains by implementing SBOM standards, validating dependencies, and mitigating risks from 3rd party software;
  • Integrate automated security defenses into the CI/CD pipeline, ensuring security testing is continuous and proactive;
  • Assist in maturation of security champions program;
  • Assist in development of company specific application security training content;
  • Author best practices, guidelines, standards and policy; and
  • Other duties as assigned.

Bring your VIBE:

  • 8+ years of experience in Application Security, Product Security, or Security Engineering;
  • Strong knowledge of application-layer attacks, including but not limited to: SQL injections, XSS, SSRF, RCE, and API abuse;
  • Hands on experience with SAST, DAST, SCA, etc. tooling;
  • Experience with secure software supply chain (SBOM, dependency scanning, artifact signing);
  • Team player with the ability to both articulate thoughts and opinions but also listen and compromise; and,
  • Experience with media streaming security, Digital Rights Management (DRM), and/or anti-piracy a plus.

#LI-remote

Perks Playlist:

  • Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit

  • Comprehensive medical, dental, vision, and FSA options, as well as:

    • 100% coverage for out-patient mental health services

    • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

    • A lifetime fertility support allowance of $30,000 to plan participants

    • Student Loan Repayment Assistance and Tuition Reimbursement

    • 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation

  • Variety of ways to prioritize much-needed time away from work including:

    • Flexible Paid Time Off (PTO) for exempt employees

    • 3-weeks PTO for non-exempt employees

    • 2-weeks paid Winter Break

    • 10 Company Holidays (including Juneteenth and Wellbeing Day)

    • Summer Fridays (between Memorial Day and Labor Day)

    • Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish


Job Category:

Technology

Salary Range:

$164,325 - $200,605

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job.  All candidates are encouraged to apply.

Similar Jobs

Good Job Games - Software Engineer

Good Job Games

İstanbul, Türkiye (On-Site)
6 Months ago
Zazz - Java Developer

Zazz

(Remote)
3 Months ago
Make - Software Engineer - Back-end - Core Enterprise Capability

Make

Prague, Prague, Czechia (On-Site)
3 Weeks ago
Zazz - Data Engineer

Zazz

(Remote)
4 Months ago
Arcadia - Software Engineer II - Salesforce

Arcadia

Chennai, Tamil Nadu, India (Hybrid)
1 Month ago
Google - Technical Solutions Consultant, End to End Systems

Google

New York, New York, United States (On-Site)
1 Month ago
Microsoft - Principal Software Engineer

Microsoft

(On-Site)
1 Month ago
PwC - Consultoría | Manager Ciberseguridad

PwC

Madrid, Community Of Madrid, Spain (On-Site)
8 Months ago
Google - Senior Cloud Security Architect

Google

Dubai, Dubai, United Arab Emirates (On-Site)
1 Month ago
Meta - Product Security Engineer

Meta

Washington, District Of Columbia, United States (On-Site)
6 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Nexters - QA Lead

Nexters

Cyprus (Remote)
1 Month ago
Epic Games - Senior Software Engineer, Developer Relations (UE China)

Epic Games

Shanghai, Shanghai, China (On-Site)
4 Months ago
Unity - QA Engineer

Unity

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
3 Weeks ago
Synechron - Senior Full Stack Developer

Synechron

Toronto, Ontario, Canada (Hybrid)
3 Weeks ago
Buckman - Lead Digital Software Engineer - Back End

Buckman

Chennai, Tamil Nadu, India (On-Site)
7 Months ago
Crunchyroll - Software Development Engineer in Test III, Game Consoles

Crunchyroll

Mexico City, Mexico City, Mexico (On-Site)
3 Months ago
Arkose Labs - Principal Software Architect

Arkose Labs

(Remote)
1 Month ago
Luxoft - BI Developer (SSIS and SSAS)

Luxoft

Gurugram, Haryana, India (On-Site)
6 Months ago
Coda - Infra-Ops Engineer

Coda

Jakarta, Indonesia (Hybrid)
6 Months ago
Arcadia - Software Engineer II - Salesforce

Arcadia

Chennai, Tamil Nadu, India (Hybrid)
1 Month ago

Get notifed when new similar jobs are uploaded

Jobs in Santa Monica, California, United States

Visa - Senior Manager, Design Research

Visa

Ashburn, Virginia, United States (Hybrid)
3 Weeks ago
Super - L1 Product Manager - Cash Advance Co-Pilot

Super

United States (Remote)
2 Months ago
Meta - Software Engineering Manager, Machine Learning

Meta

Bellevue, Washington, United States (On-Site)
1 Month ago
Axon - Manufacturing Quality Engineer II

Axon

Scottsdale, Arizona, United States (On-Site)
1 Month ago
ByteDance - Software Engineer Intern (CDN/Edge/Traffic Platform)

ByteDance

San Jose, California, United States (On-Site)
1 Month ago
Synechron - Java Solutions Architect – AI Code Assistant (Copilot/Cody)

Synechron

Dallas, Texas, United States (On-Site)
1 Month ago
GameChanger  - Senior Product Manager, Video Platform

GameChanger

United States (Remote)
2 Months ago
Saviynt - Product Manager, Non-human Identities

Saviynt

El Segundo, California, United States (Remote)
7 Months ago
Naughty Dog - Senior Character Artist

Naughty Dog

Los Angeles, California, United States (Hybrid)
1 Month ago
Meet Elise - Strategic Operations Manager

Meet Elise

New York, New York, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Sporty Group - Director of IT & Security

Sporty Group

(Remote)
1 Month ago
Google - Technical Solutions Consultant, End to End Systems

Google

New York, New York, United States (On-Site)
1 Month ago
Reversing Labs - Senior Customer Success Engineer

Reversing Labs

United States (Remote)
2 Months ago
Granicus - Senior Security Analyst

Granicus

Bengaluru, Karnataka, India (Hybrid)
7 Months ago
Google - Technical Solutions Consultant, Security

Google

Kuwait City, Al Asimah Governate, Kuwait (On-Site)
1 Month ago
Varonis  - Technical Support Engineer L2

Varonis

New Delhi, Delhi, India (Remote)
2 Months ago
PearlAbyss - Game Security Technical Support (Entry/Experienced)

PearlAbyss

(On-Site)
1 Month ago
Appirits - Security Engineer

Appirits

Shibuya, Tokyo, Japan (Hybrid)
2 Months ago
ByteDance - Full-Stack Software Engineer - Security Operation Center

ByteDance

San Jose, California, United States (On-Site)
7 Months ago
Google - Software Engineering Manager, Security Intelligence Platform

Google

San Francisco, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

About The Company

New York, New York, United States (On-Site)

Los Angeles, California, United States (On-Site)

Santa Monica, California, United States (On-Site)

California, United States (Remote)

Santa Monica, California, United States (On-Site)

Alabama, United States (Remote)

Santa Monica, California, United States (Remote)

Los Angeles, California, United States (On-Site)

Nashville, Tennessee, United States (On-Site)

Santa Monica, California, United States (On-Site)

View All Jobs

Get notified when new jobs are added by Universal Music

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug