Principal Application Security Engineer

1 Week ago • 8 Years + • Cyber Security • $164,325 PA - $200,605 PA

Job Summary

Job Description

The Principal Application Security Engineer at UMG will lead the protection of digital applications and software. Responsibilities include detecting, mitigating, and responding to application security threats, performing penetration and application security testing (pre/post-release and 3rd party), and collaborating with various teams. The role requires strong technical skills, excellent communication, and the ability to work effectively in a global environment. This involves identifying and mitigating attack vectors, analyzing application strengths/weaknesses, developing exploits, reporting findings, providing security expertise, and strengthening API security. The engineer will also harden software supply chains, integrate automated security into CI/CD, and contribute to security training and policy.
Must have:
  • 8+ years in Application Security
  • Knowledge of application-layer attacks
  • Experience with SAST, DAST, SCA tools
  • Secure software supply chain experience
  • Excellent communication skills
Good to have:
  • Experience with media streaming security
  • Digital Rights Management (DRM) experience
  • Anti-piracy experience
Perks:
  • Comprehensive medical, dental, vision
  • Wellbeing reimbursements
  • Student loan repayment assistance
  • 401(k) match
  • Flexible PTO
  • Paid parental leave

Job Details

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
 

How you’ll LEAD:

Our team is looking for a Principal Application Security Engineer to lead the protection and defense of our digital applications and software ecosystem.  This role will focus on detecting, mitigating, and responding to application security threats, ensuring that our applications and services remain resilient against cyber threats.  In addition, they will focus on penetration and application security testing concentrating on pre-release, post-release, and 3rd party applications.

We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

In addition to having strong technical skills, you must be comfortable communicating effectively with business leadership, our software development community, technical IT teams, and business partners, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Defend UMG applications by identifying and mitigating real-world attack vectors, including OWASP Top 10, API abuse, and software supply chain risks;
  • Conduct analysis and testing to verify the strengths and weaknesses of applications in various environments, utilizing commercial and open-source tooling;
  • Develop exploits based on assessments and/or modify existing exploits;
  • Identify and clearly articulate (written and verbal) findings to stakeholders;
  • Provide subject matter expertise with application security, advising the organization on best practices and emerging security threats;
  • Strengthen API security by enforcing authentication, rate-limiting, and anomaly detection against abuse and fraud;
  • Harden software supply chains by implementing SBOM standards, validating dependencies, and mitigating risks from 3rd party software;
  • Integrate automated security defenses into the CI/CD pipeline, ensuring security testing is continuous and proactive;
  • Assist in maturing the security champions program;
  • Assist in developing company-specific application security training content;
  • Author best practices, guidelines, standards and policy; and
  • Other duties as assigned.

Bring your VIBE:

  • 8+ years of experience in Application Security, Product Security, or Security Engineering;
  • Strong knowledge of application-layer attacks, including but not limited to: SQL injections, XSS, SSRF, RCE, and API abuse;
  • Hands-on experience with SAST, DAST, SCA, and similar tooling;
  • Experience with secure software supply chain (SBOM, dependency scanning, artifact signing);
  • Team player with the ability both to articulate thoughts and opinions and to listen and compromise; and,
  • Experience with media streaming security, Digital Rights Management (DRM), and/or anti-piracy a plus.

#LI-remote

Perks Playlist:

  • Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit

  • Comprehensive medical, dental, vision, and FSA options, as well as:

    • 100% coverage for out-patient mental health services

    • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

    • A lifetime fertility support allowance of $30,000 to plan participants

    • Student Loan Repayment Assistance and Tuition Reimbursement

    • 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation

  • Variety of ways to prioritize much-needed time away from work including:

    • Flexible Paid Time Off (PTO) for exempt employees

    • 3-weeks PTO for non-exempt employees

    • 2-weeks paid Winter Break

    • 10 Company Holidays (including Juneteenth and Wellbeing Day)

    • Summer Fridays (between Memorial Day and Labor Day)

    • Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.



Job Category:

Technology

Salary Range:

$164,325 - $200,605

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job.  All candidates are encouraged to apply.
