Universal Music Group

Application Security Engineer

Universal Music Group$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.
  • 5+ years in Application Security or related fields with a security focus.
  • Experience with application security assessments and threat modeling.
  • Strong knowledge of secure coding principles and OWASP vulnerabilities.
  • Familiar with application security testing tools and methodologies.
  • Proficient in modern application architectures and cloud technologies.
  • Experience integrating security into CI/CD and DevSecOps.

Responsibilities

  • Perform application security assessments and secure design reviews.
  • Conduct security testing using SAST, DAST, and other methodologies.
  • Review source code and provide secure coding guidance.
  • Collaborate with engineering to identify and address security risks.
  • Integrate application security testing into CI/CD pipelines.
  • Provide security architecture guidance for applications and APIs.
  • Support incident investigations for application-layer security vulnerabilities.

Benefits

  • Comprehensive medical, dental, and vision coverage.
  • Includes 100% coverage for outpatient in-network mental health services.
  • Fertility coverage for eligible participants.
  • Wellbeing reimbursements for various wellness activities.
  • Student Loan Repayment Assistance and Tuition Reimbursement.
  • 401(k) with 100% immediate vesting on the first 5% of contributions.
  • Generous Paid Time Off policies and additional flexibility.
Full Job Description
We are currently seeking an Application Security Engineer to join UMG's global Tech Security & Identity organization. Reporting to the Manager, Security Engineering and Vulnerability, this role is responsible for improving the security of internally developed applications and cloud services by partnering closely with engineering, infrastructure, and product teams to integrate security throughout the software development lifecycle.

The Application Security Engineer will serve as a trusted technical advisor, performing application security assessments, supporting secure software development practices, and helping engineering teams identify and address security risks early in the development process. This role combines hands-on technical expertise with collaboration across development and security teams to strengthen UMG's application security posture while enabling innovation.

The ideal candidate has experience in application security, secure software development, cloud-native technologies, and developer enablement, along with strong communication skills and a passion for building secure software.

How you'll CREATE:
  • Perform application security assessments, threat modeling, and secure design reviews for internally developed and third-party applications.
  • Conduct application security testing using static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), API security testing, and manual validation techniques.
  • Review source code and provide secure coding guidance based on OWASP best practices and secure development principles.
  • Partner with software engineering teams to identify security risks and recommend practical remediation strategies throughout the software development lifecycle.
  • Collaborate with DevOps teams to integrate application security testing into CI/CD pipelines and software delivery workflows.
  • Provide security architecture guidance for new applications, APIs, cloud-native services, and technology integrations.
  • Support implementation of modern authentication and authorization technologies, including OAuth, OpenID Connect (OIDC), SAML, and other identity standards.
  • Evaluate, implement, and maintain application security tools and help improve security testing coverage across the development lifecycle.
  • Develop automation and scripting to improve application security testing, reporting, and engineering workflows.
  • Participate in security reviews for new technologies, cloud services, and third-party applications.
  • Support investigation and remediation of application-layer security incidents and vulnerabilities when required.
  • Create reusable security guidance, reference architectures, and technical documentation to improve secure development practices across engineering teams.
  • Deliver secure coding guidance and developer education to promote security-by-design principles.
  • Collaborate with security, infrastructure, and identity teams to continuously improve enterprise application security capabilities.


Bring your VIBE:
  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent practical experience.
  • 5+ years of experience in Application Security, Security Engineering, Software Engineering, or a related discipline with a security focus.
  • Experience performing application security assessments, threat modeling, and secure architecture reviews.
  • Strong understanding of secure coding principles and common application vulnerabilities, including the OWASP Top 10 and OWASP API Security Top 10.
  • Experience with application security testing technologies including SAST, DAST, SCA, API security testing, and penetration testing methodologies.
  • Experience working with modern application architectures, REST APIs, microservices, and cloud-native technologies.
  • Experience integrating security into CI/CD pipelines and DevSecOps workflows.
  • Experience working within AWS, Azure, or Google Cloud Platform environments.
  • Knowledge of modern authentication and authorization technologies including OAuth, OpenID Connect (OIDC), SAML, and JWT.
  • Understanding of security frameworks and standards including OWASP, NIST Cybersecurity Framework, and ISO 27001.
  • Strong analytical, problem-solving, and communication skills with the ability to work effectively across technical and non-technical teams.


Desirable Qualifications
  • Experience implementing Secure Software Development Lifecycle (SSDLC) practices within Agile development environments.
  • Experience with application security platforms such as GitHub Advanced Security, Microsoft Defender for Cloud, Checkmarx, Veracode, Burp Suite, Semgrep, or similar tools.
  • Experience with container security, Kubernetes, and Infrastructure as Code security.
  • Experience developing automation using Python, PowerShell, or similar scripting languages.
  • Experience performing security assessments of cloud-native applications and APIs.
  • Professional certifications such as CSSLP, GIAC GWEB, AWS Certified Security Specialty, Security+, CISSP, or equivalent.
  • Experience working within large global enterprise environments.
  • Experience in media, entertainment, or similarly distributed global organizations.


Perks Playlist:

Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren't just values-they're how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

  • Comprehensive medical, dental, and vision coverage
  • Including 100% coverage for out-patient in-network mental health services
  • Fertility coverage for eligible medical plan participants
  • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
  • Student Loan Repayment Assistance and Tuition Reimbursement
  • 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution


A variety of ways to prioritize much-needed time away from work including:

  • Flexible Paid Time Off (PTO) for exempt employees
  • 3-weeks PTO for non-exempt employees
  • 2-weeks paid Winter Break
  • 10 Company Holidays (including Juneteenth and Wellbeing Day)
  • Summer Fridays (between Memorial Day and Labor Day)
  • Generous paid parental leave for every type of parent


Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Job Category:
Technology

About Universal Music Group

Universal Music Group (UMG) is a global music corporation that is a subsidiary of the French media conglomerate Vivendi. The company was founded in 1934 as Decca Records and has since grown to become the largest music company in the world, with a market share of over 30%. UMG owns and operates a wide range of record labels, including Capitol Records, Def Jam Recordings, and Island Records, and has a roster of over 4,000 artists. In addition to music production and distribution, UMG also operates several other businesses, including music publishing, merchandising, and film and television production.
Learn more about Universal Music Group
Size
7,000 employees
Industry
Founded
1934

Similar Jobs

More Jobs at Universal Music Group

More Information Technology Jobs

Find similar Application Security Engineer jobs: