Hiring.Camp

Application Security Engineer

USA - Current Open Positions

·

4 days ago

Location
USA-TN NVL 1234 Martin St, United States of America
Type
Full-time
Department
Engineering
Experience
5+ years
Education
Bachelor
Source
Workday

Description

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
 

How we LEAD:

We are currently seeking an Application Security Engineer to join UMG's global Tech Security & Identity organization. Reporting to the Manager, Security Engineering and Vulnerability, this role is responsible for improving the security of internally developed applications and cloud services by partnering closely with engineering, infrastructure, and product teams to integrate security throughout the software development lifecycle.

The Application Security Engineer will serve as a trusted technical advisor, performing application security assessments, supporting secure software development practices, and helping engineering teams identify and address security risks early in the development process. This role combines hands-on technical expertise with collaboration across development and security teams to strengthen UMG's application security posture while enabling innovation.

The ideal candidate has experience in application security, secure software development, cloud-native technologies, and developer enablement, along with strong communication skills and a passion for building secure software.

How you'll CREATE:

  • Perform application security assessments, threat modeling, and secure design reviews for internally developed and third-party applications.

  • Conduct application security testing using static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), API security testing, and manual validation techniques.

  • Review source code and provide secure coding guidance based on OWASP best practices and secure development principles.

  • Partner with software engineering teams to identify security risks and recommend practical remediation strategies throughout the software development lifecycle.

  • Collaborate with DevOps teams to integrate application security testing into CI/CD pipelines and software delivery workflows.

  • Provide security architecture guidance for new applications, APIs, cloud-native services, and technology integrations.

  • Support implementation of modern authentication and authorization technologies, including OAuth, OpenID Connect (OIDC), SAML, and other identity standards.

  • Evaluate, implement, and maintain application security tools and help improve security testing coverage across the development lifecycle.

  • Develop automation and scripting to improve application security testing, reporting, and engineering workflows.

  • Participate in security reviews for new technologies, cloud services, and third-party applications.

  • Support investigation and remediation of application-layer security incidents and vulnerabilities when required.

  • Create reusable security guidance, reference architectures, and technical documentation to improve secure development practices across engineering teams.

  • Deliver secure coding guidance and developer education to promote security-by-design principles.

  • Collaborate with security, infrastructure, and identity teams to continuously improve enterprise application security capabilities.

Bring your VIBE:

  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent practical experience.

  • 5+ years of experience in Application Security, Security Engineering, Software Engineering, or a related discipline with a security focus.

  • Experience performing application security assessments, threat modeling, and secure architecture reviews.

  • Strong understanding of secure coding principles and common application vulnerabilities, including the OWASP Top 10 and OWASP API Security Top 10.

  • Experience with application security testing technologies including SAST, DAST, SCA, API security testing, and penetration testing methodologies.

  • Experience working with modern application architectures, REST APIs, microservices, and cloud-native technologies.

  • Experience integrating security into CI/CD pipelines and DevSecOps workflows.

  • Experience working within AWS, Azure, or Google Cloud Platform environments.

  • Knowledge of modern authentication and authorization technologies including OAuth, OpenID Connect (OIDC), SAML, and JWT.

  • Understanding of security frameworks and standards including OWASP, NIST Cybersecurity Framework, and ISO 27001.

  • Strong analytical, problem-solving, and communication skills with the ability to work effectively across technical and non-technical teams.

Desirable Qualifications

  • Experience implementing Secure Software Development Lifecycle (SSDLC) practices within Agile development environments.

  • Experience with application security platforms such as GitHub Advanced Security, Microsoft Defender for Cloud, Checkmarx, Veracode, Burp Suite, Semgrep, or similar tools.

  • Experience with container security, Kubernetes, and Infrastructure as Code security.

  • Experience developing automation using Python, PowerShell, or similar scripting languages.

  • Experience performing security assessments of cloud-native applications and APIs.

  • Professional certifications such as CSSLP, GIAC GWEB, AWS Certified Security Specialty, Security+, CISSP, or equivalent.

  • Experience working within large global enterprise environments.

  • Experience in media, entertainment, or similarly distributed global organizations.

                                                                                                 

Perks Playlist:

Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren’t just values—they’re how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

  • Comprehensive medical, dental, and vision coverage

  • Including 100% coverage for out-patient in-network mental health services

  • Fertility coverage for eligible medical plan participants

  • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

  • Student Loan Repayment Assistance and Tuition Reimbursement

  • 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution

A variety of ways to prioritize much-needed time away from work including:

  • Flexible Paid Time Off (PTO) for exempt employees

  • 3-weeks PTO for non-exempt employees

  • 2-weeks paid Winter Break

  • 10 Company Holidays (including Juneteenth and Wellbeing Day)

  • Summer Fridays (between Memorial Day and Labor Day)

  • Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.


Please note, UMG is not enrolled in E-Verify in California and New York, and cannot support employment of candidates whose employer must enroll in E-Verify, for example candidates on STEM-OPT.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish


Job Category:

Technology

Skills

PythonAWSAzureKubernetesCI/CDGitHubCybersecurityPenetration TestingRESTOAuthAgileDevOpsMicroservicesMerchandisingISO 27001AWS CertifiedCISSP

Similar Jobs

30

Application Security Engineer

INTAPP · Portugal Remote · Remote

4 days ago

Application Security Engineer

Heartflowinc · San Francisco, California · Hybrid

4 days ago

Application Security Engineer

Zocdoc · USA Remote +1 · Remote

5 days ago

Application Security Engineer

Leidos · 5612 Ashburn VA, United States of America

6 days ago

Engineer, Application Security

Cboe is always looking for · Chicago HQ OPO, United States of America · Hybrid

6 days ago

Application Security Engineer

Interact Software · Manila, PH

6 days ago

Application Security Engineer

MicroStrategy · Tysons Corner, VIRGINIA, United States · Onsite

1 week ago

Application Security Engineer

Leidos · 5612 Ashburn VA, United States of America

1 week ago

Application Security Engineer

Figure · Remote · Remote

1 week ago

Application Security Engineer

MicroStrategy · Tysons Corner, VIRGINIA, United States · Onsite

1 week ago

Application Security Engineer

Juara It Solutions · Chennai

2 weeks ago

Application Security Engineer

Alaan · Bengaluru, India

2 weeks ago

Application Security Engineer

Cdk · India - Hyderabad

2 weeks ago

Application Security Engineer

PandaDoc · Remote (Europe) · Remote

2 weeks ago

Application Security Engineer

Booz Allen Hamilton · USA, MD, Fort Meade (6910 Cooper Ave), United States of America

2 weeks ago

Application Security Engineer

Regions · Hoover, AL - Riverchase Operations Center (Birmingham, AL), United States of America +3

2 weeks ago

Application Security Engineer

Intermedia Intelligent Communications · Portugal · Remote

2 weeks ago

Application Security Engineer

Cisco · USA-RESEARCH TRIANGLE PARK, United States of America +1 · Hybrid

2 weeks ago

Application Security Engineer

Oneleet · US · Remote

3 weeks ago

Application Security Engineer

Jobskeyconsultancy · Hyderabad · Hybrid, Onsite

3 weeks ago

Application Security Engineer

Wrike · Estonia - Remote · Remote

3 weeks ago

Application Security Engineer

Wrike · Nicosia · Remote

3 weeks ago

Application Security Engineer

Rockstargames · Leeds, England, United Kingdom · Onsite

3 weeks ago

Application Security Engineer

Intercom · London, England +1

3 weeks ago

Application Security Engineer

MicroStrategy · Tysons Corner, VIRGINIA, United States · Onsite

3 weeks ago

Application Security Engineer

Intercom · Dublin, Ireland

3 weeks ago

Application Security Engineer

Bugcrowd · Remote - Brazil +1 · Remote

3 weeks ago

Application Security Engineer

Iqvia · Porto Salvo, Portugal

1 month ago

Application Security Engineer

Forcepoint · Flex - Cork, Ireland · Hybrid

1 month ago

Application Security Engineer

Forcepoint · Flex - Cork, Ireland · Hybrid

1 month ago
Application Security Engineer at USA - Current Open Positions | Hiring.Camp