Principal Application Security Engineer

5 Days ago • 8 Years + • Cyber Security • $164,325 PA - $200,605 PA

Job Summary

Job Description

The Principal Application Security Engineer at UMG will lead the protection of digital applications and software. Responsibilities include detecting, mitigating, and responding to application security threats, performing penetration and application security testing (pre/post-release and 3rd party), and collaborating with various teams. The role requires strong technical skills, excellent communication, and the ability to work effectively in a global environment. This involves identifying and mitigating attack vectors, analyzing application strengths/weaknesses, developing exploits, reporting findings, providing security expertise, and strengthening API security. The engineer will also harden software supply chains, integrate automated security into CI/CD, and contribute to security training and policy.
Must have:
  • 8+ years in Application Security
  • Knowledge of application-layer attacks
  • Experience with SAST, DAST, SCA tools
  • Secure software supply chain experience
  • Excellent communication skills
Good to have:
  • Experience with media streaming security
  • Digital Rights Management (DRM) experience
  • Anti-piracy experience
Perks:
  • Comprehensive medical, dental, vision
  • Wellbeing reimbursements
  • Student loan repayment assistance
  • 401(k) match
  • Flexible PTO
  • Paid parental leave

Job Details

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
 

How you’ll LEAD:

Our team is looking for a Principal Application Security Engineer to lead the protection and defense of our digital applications and software ecosystem.  This role will focus on detecting, mitigating, and responding to application security threats, ensuring that our applications and services remain resilient against cyber threats.  In addition, they will focus on penetration and application security testing concentrating on pre-release, post-release, and 3rd party applications.

We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

In addition to having strong technical skills, you must be comfortable in effectively communicating with business leadership, our software development community, technical IT teams, and business partners, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Defend UMG applications by identifying and mitigating real-world attack vectors, including OWASP Top 10, API abuse, and software supply chain risks;
  • Conduct analysis and testing to verify the strengths and weaknesses of applications in various environments, utilizing commercial and open-source tooling;
  • Develop exploits based on assessments and/or ability to make modifications on existing exploits;
  • Identify and clearly articulate (written and verbal) findings to stakeholders;
  • Provide subject matter expertise with application security, advising the organization on best practices and emerging security threats;
  • Strengthen API security by enforcing authentication, rate-limiting, and anomaly detection against abuse and fraud;
  • Harden software supply chains by implementing SBOM standards, validating dependencies, and mitigating risks from 3rd party software;
  • Integrate automated security defenses into the CI/CD pipeline, ensuring security testing is continuous and proactive;
  • Assist in maturation of security champions program;
  • Assist in development of company specific application security training content;
  • Author best practices, guidelines, standards and policy; and
  • Other duties as assigned.

Bring your VIBE:

  • 8+ years of experience in Application Security, Product Security, or Security Engineering;
  • Strong knowledge of application-layer attacks, including but not limited to: SQL injections, XSS, SSRF, RCE, and API abuse;
  • Hands on experience with SAST, DAST, SCA, etc. tooling;
  • Experience with secure software supply chain (SBOM, dependency scanning, artifact signing);
  • Team player with the ability to both articulate thoughts and opinions but also listen and compromise; and,
  • Experience with media streaming security, Digital Rights Management (DRM), and/or anti-piracy a plus.

#LI-remote

Perks Playlist:

  • Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit

  • Comprehensive medical, dental, vision, and FSA options, as well as:

    • 100% coverage for out-patient mental health services

    • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

    • A lifetime fertility support allowance of $30,000 to plan participants

    • Student Loan Repayment Assistance and Tuition Reimbursement

    • 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation

  • Variety of ways to prioritize much-needed time away from work including:

    • Flexible Paid Time Off (PTO) for exempt employees

    • 3-weeks PTO for non-exempt employees

    • 2-weeks paid Winter Break

    • 10 Company Holidays (including Juneteenth and Wellbeing Day)

    • Summer Fridays (between Memorial Day and Labor Day)

    • Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish


Job Category:

Technology

Salary Range:

$164,325 - $200,605

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job.  All candidates are encouraged to apply.

Similar Jobs

Wargaming - DevOps Engineer

Wargaming

Belgrade, Serbia (On-Site)
3 Months ago
Xsolla - Tech Lead - Metasites

Xsolla

Baku, Azerbaijan (Hybrid)
2 Months ago
Luxoft - Senior Software Support Engineer

Luxoft

(Remote)
4 Months ago
GoMotive - Software Engineer - Backend

GoMotive

Pakistan (Remote)
1 Week ago
Playrix - Middle C++ Software Engineer (Gameplay)

Playrix

Georgia (Remote)
5 Months ago
Applike - IT Security Manager (f/m/d)

Applike

Hamburg, Hamburg, Germany (Hybrid)
2 Months ago
The Walt Disney Company - Manager, Studios Cybersecurity Risk and Product Security

The Walt Disney Company

New York, New York, United States (On-Site)
3 Days ago
PwC - Cloud Security | Manager | Cyber Security | Technology Consulting

PwC

Dublin, County Dublin, Ireland (On-Site)
5 Months ago
ByteDance - AI Security Researcher - Security - San Jose

ByteDance

San Jose, California, United States (On-Site)
4 Months ago
NVIDIA - Senior Hardware Security Architect, GPU Security Verification

NVIDIA

Redmond, Washington, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

GoTo Group - Lead Software Engineer - Identity Platform

GoTo Group

Bengaluru, Karnataka, India (Hybrid)
3 Months ago
Interactive Brokers - Senior Cloud Security Engineer

Interactive Brokers

Fort Lauderdale, Florida, United States (Hybrid)
5 Months ago
Aristocrat Gaming - Senior Software Developer

Aristocrat Gaming

London, England, United Kingdom (Hybrid)
3 Months ago
CloudHire - Senior Cloud AWS Engineer

CloudHire

Karnataka, India (Remote)
1 Week ago
Scanline VFX - Senior DevOps Engineer

Scanline VFX

Seoul, South Korea (Hybrid)
1 Month ago
NVIDIA - Senior Production Engineer - Storage

NVIDIA

Australia (Remote)
2 Days ago
Solvative - Front End Developer

Solvative

India (Remote)
2 Days ago
Dream Sports - SDE 1 - React Native with Android

Dream Sports

Mumbai, Maharashtra, India (On-Site)
5 Months ago
Mettler-Toledo International,  Inc  - Software Engineer Test – Senior

Mettler-Toledo International, Inc

Karnataka, India (Hybrid)
5 Months ago
Epic Games - Senior Security Engineer - Asset Integrity

Epic Games

Cary, North Carolina, United States (On-Site)
3 Days ago

Get notifed when new similar jobs are uploaded

Jobs in Santa Monica, California, United States

Warner Bros Games - Staff Data Engineer

Warner Bros Games

Atlanta, Georgia, United States (Hybrid)
2 Weeks ago
Onward Search - Project Manager

Onward Search

Denver, Colorado, United States (On-Site)
1 Month ago
EXUSIA - Senior Data Analyst / Tester

EXUSIA

United States (Remote)
5 Months ago
Riot Games - Senior Principal Technical Artist

Riot Games

Los Angeles, California, United States (On-Site)
5 Months ago
The Walt Disney Company - Principal Product Designer

The Walt Disney Company

Glendale, California, United States (On-Site)
1 Month ago
Doiq - Technical Artist

Doiq

United States (Remote)
3 Months ago
ByteDance - Senior Software Engineer - Development Infrastructure Team

ByteDance

Mountain View, California, United States (On-Site)
4 Months ago
Bonfire Studios - Senior Gameplay Animator

Bonfire Studios

California, United States (Hybrid)
2 Days ago
Scopely - Lead UI Artist- Monopoly GO!

Scopely

Culver City, California, United States (On-Site)
4 Months ago
SKYDANCE - Lead Software Engineer, RenderMan

SKYDANCE

Connecticut, United States (Hybrid)
6 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

NVIDIA - Offensive Hardware Security Researcher

NVIDIA

Canada (On-Site)
1 Month ago
Varonis  - Cloud Security Researcher

Varonis

Herzliya, Tel Aviv District, Israel (On-Site)
5 Months ago
Notion - Application Security Engineer

Notion

San Francisco, California, United States (On-Site)
5 Months ago
Glean - Software Engineer, Security

Glean

Palo Alto, California, United States (On-Site)
4 Months ago
Trend Micro - (Sr.) Backend Engineer

Trend Micro

Taipei City, Taiwan (On-Site)
5 Months ago
Immutable - Application Security Engineer

Immutable

Sydney, New South Wales, Australia (Hybrid)
3 Weeks ago
ION - IT/Cyber Security Analyst

ION

London, England, United Kingdom (On-Site)
5 Months ago
ION - Senior Security Architect

ION

Italy (On-Site)
5 Months ago
Sphere Entertainment Co - Security Supervisor and Driver

Sphere Entertainment Co

Burbank, California, United States (On-Site)
3 Days ago
Tesla - Security Systems Field Engineer

Tesla

Brandenburg, Germany (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

About The Company

Santa Monica, California, United States (On-Site)

Santa Monica, California, United States (Hybrid)

Los Angeles, California, United States (On-Site)

Santa Monica, California, United States (On-Site)

California, United States (Remote)

Los Angeles, California, United States (On-Site)

Los Angeles, California, United States (On-Site)

California, United States (Remote)

View All Jobs

Get notified when new jobs are added by Universal Music

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug