Our team is looking for an Application Security Engineer with extensive product security experience, deep expertise in web security and software security vulnerabilities, and superb knowledge of software security standards and best practices.
We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.
You will be the technical subject matter expert for multiple areas of application and product security. You will be responsible for performing design reviews, technical security assessments, and code reviews to highlight risk and help engineering teams improve the overall security of our products. You will be a security leader within the company, gaining a solid understanding of our products and systems, and ensuring that security is built in. This position requires both deep and broad technical knowledge across a range of disciplines, and the ability to work hands-on across a wide variety of software designs and technology stacks.
In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.
How you'll CREATE:
• Perform design reviews and technical security assessments to highlight risk and help engineering teams improve the overall security of our products
• Design and implement security best practices and standards across varied engineering teams and environments
• Implement and conduct code reviews with a combination of static testing, manual reviews, and dynamic analysis / pen-testing
• Conduct threat modeling, identify & drive risk decisions, and influence technical designs and architectures
• Engage with developers to provide remediation support
• Perform security reviews of new services and features
• Build tools to simplify and automate Vulnerability Management processes
• Provide engineering designs to mitigate security vulnerabilities in new software solutions
• Design and implement tooling and automation for application security (e.g. SAST/DAST in CI/CD)
• Perform regular security testing and code reviews to improve software security
• Maintain technical documentation related to software security
• Ensure software security at all levels of the architecture
• Stay up to date with the latest tools and advanced industry practices for software security
• Advocate for security culture and educate colleagues across all parts of UMG
Bring your VIBE:
• Technical and foundational knowledge of software engineering, computer systems, security engineering, and authentication
• Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols
• Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities
• Strong experience in web security and federation protocols (SSL/TLS, REST, OAuth, SAML, LDAP-S, WS-Federation, SCIM, OIDC, XSS, etc.)
• Experience working with AWS or other cloud environments (development/architecture)
• Experience with cloud and web application security standards (OWASP ASVS, SANS 25, etc.)
• Understanding that goes beyond the OWASP Top 10, including the ability to explain the level of risk to the business
• Comfortable with tools like Snyk.io, BluBracket, Noname API Security, Burp Suite, OWASP ZAP, Checkmarx, Veracode, AppSpider, etc.
• A deep interest in following the latest industry advancements in software security and implementing them
• An analytical mind with a problem-solving attitude
• Excellent organizational and communication skills
• A Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity, Information Security, or a related technical field
• 7+ years of hands-on technical experience
• Experience in Docker, Terraform, Kubernetes
• Experience working in an Agile development environment
• Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy
• Experience securing operating systems, networks, and low-level infrastructure
• Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods
• Experience with automation tools like Ansible, Chef, Puppet, Jenkins
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
• Experience with Web Application Firewalls (WAF)
• Knowledge of AD/Azure AD, Azure AD B2B/B2C, and Okta
• Multiple language skills
• Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit
• Comprehensive medical, dental, vision, and FSA options, as well as:
    • 100% coverage for out-patient mental health services
    • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
    • A lifetime fertility support allowance of $30,000 to plan participants
    • Student Loan Repayment Assistance and Tuition Reimbursement
    • 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation
• Variety of ways to prioritize much-needed time away from work including:
    • Flexible Paid Time Off (PTO) for exempt employees
    • 3-weeks PTO for non-exempt employees
    • 2-weeks paid Winter Break
    • 10 Paid Holidays (including Juneteenth and Wellbeing Day)
    • Summer Fridays (between Memorial Day and Labor Day)
    • Generous paid parental leave for every type of parent
Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer
We are an E-Verify employer.
$74,412 - $173,656.15
The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.