Job Summary:
We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
The Senior Cybersecurity Engineer reports to the Senior Vice President Global Cybersecurity & Crisis Management. The candidate must be a highly motivated individual with 7+ years of experience working in a senior role on security solutions and incident response in an enterprise environment. The role will support the Global Security Office (GSO) mission of security and reliability by working across the organization to lead response to security events and incidents by effectively conducting triage, containment, remediation and driving post-incident improvements. The position works closely with technology, application teams and business units.
As a Senior Cybersecurity Engineer, you will be responsible for securing UMG’s enterprise AI platforms. This role will focus on detecting, mitigating, and responding to AI-related security threats, ensuring that applications and services remain resilient against AI-cyber threats. In addition, you will help the team establish, lead, and execute multi-year roadmaps to mature AI security, drawing upon cross-functional partnerships to deliver security posture reviews on a repeatable basis and review new AI systems as they're developed.
The Senior Cybersecurity Engineer will support other efforts in the SecOps, Insider Threat & Business Resiliency teams and work closely with other team members in the Global Security Office (GSO). This role will allow learning and growth on various security technologies.
Job Functions:
The Senior Cybersecurity Engineer role is part of the Security Operations team and will manage, maintain, design, configure, and document security tools, systems, and processes including, but not limited to, the following:
- Lead and support the response to all security events and incidents across UMG’s global infrastructure, services and applications.
- Own the security incident lifecycle, respond to incidents and participate in on-call rotation for security incidents.
- Implementing Security Controls & “Guardrails” for GenAI: Designing, deploying, and operating technical controls to prevent misuse of AI systems. Designs can include content filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AI platforms.
- Continually test and update guardrails, replacing weaker controls with more robust solutions as threats evolve.
- Monitor alignment of solutions to AI Governance processes.
- Provide AI/Agent subject matter expertise for AI Incidents and Security Reviews and help develop incident response playbooks for AI-related security incidents.
- Work to improve UMG’s security and reliability posture by driving identified improvements from security events and incidents.
- Support projects end-to-end that will improve UMG’s Threat Detection and Response (TDR) capabilities and initiatives.
- Be responsible for documentation of incidents and projects you work on and craft best practices as runbooks and standard operating procedures to share knowledge across teams.
- Understand security vulnerabilities, attacker exploit techniques, and methods for their remediation.
- Administer security tools and technologies
- Automate triage, analysis, response, and remediation tasks and processes with code, APIs, and SOAR tools.
- Collect and review systems and application security logs from all systems (Firewalls, OS, Email, IDS, Splunk, etc.), take action to mitigate any threats based on findings.
- Conduct log analysis across a diverse ecosystem of technology (operating systems, internally developed web apps, software-as-a-service apps, cloud infrastructure)
- Ensure compliance with internal policies, standards, and regulatory requirements
- Perform forensics activities and root cause analyses
- Participate in the assessment of network design/architecture, development, and implementation of any new application or service
- Conduct Vulnerability Assessments as required
- Assess and triage potential security incidents. Coordinate and lead response to high-impact security incidents.
- Lead efforts to detect and analyze malicious software and work with vendors and teams
- Perform other duties as assigned
- Lead projects, planning, controlling, executing, and closing assigned projects to produce required deliverables
Job Requirements:
Skills/Abilities:
- 7+ years of experience in Cybersecurity with a focus on incident response, digital forensics, security engineering, and/or intrusion detection.
- Experience with threat intelligence, conducting research on emerging threats, and working with the team to identify and deploy solutions that prevent such threats from occurring.
- Experience with log analysis and forensic tools.
- Experience monitoring and responding to security incidents involving traditional (Windows, Mac, Linux) and cloud-based infrastructure (AWS, GCP, and/or Azure)
- Expertise in handling complex security investigations.
- Communicate clearly and concisely, orally and in writing.
- Schedule: ability to work ‘non-standard’ hours, to overlap as needed with colleagues and stakeholders in other global locations, and participate in on-call rotation, including weekend and holiday hours.
- Proactively identify and address false positive alerts, ensuring that alert noise is minimized without compromising detection accuracy.
- Experience leveraging automation to improve operational security metrics and dashboards by identifying security response gaps in systems, services and processes, and proposing and delivering solutions to close security monitoring gaps.
- Experience with programming and scripting using Python, Linux shell scripts, and regex.
- Excellent analytical and problem-solving skills. Knowledge about exploits, vulnerabilities, network attacks.
- Solid understanding of information security related standards, analysis frameworks (MITRE ATT&CK, Kill Chain, NIST Incident Response, etc.) and technologies. The ability to learn new technology and concepts quickly.
- Self-motivated, detail-oriented with analytical and interpersonal skills
- Hands-on experience with security operations, safety practices in a business environment and enforcement of procedures.
- Ability to work under pressure and handle multiple projects with tight deadlines across a global enterprise.
- Experience with information security SIEMs, vulnerability scanners and application scanners
- Must be proficient with Linux administration
- Ability to construct basic Boolean logic and regex search strings
- Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems.
Experience:
- 7+ years of enterprise systems engineering, cybersecurity and security operations experience, preferably in the entertainment industry
- Experience securing AI platforms such as Copilot Studio, Amazon Bedrock, and/or Azure AI Gateway
- Knowledge of Zero Trust Architecture (ZTA)
- Strong interpersonal skills, communication (oral and written), and presentation skills
- Ability to take initiative and work proactively with minimal supervision.
- Strong technical foundation, including expertise in Systems and Network Administration, Windows Clients and Servers, Linux environments.
- Team player with strong interpersonal skills and a professional attitude.
- Experience with SOAR and EDR tools
- Minimum 2 years of experience with Python and Linux shell scripting
Education:
- Four-year degree, industry certification, or work equivalent
Universal Music Group is an Equal Opportunity Employer.
Disclaimer
This job description only provides an overview of job responsibilities that are subject to change.