We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
How you’ll LEAD:
The Application and Product Security team is looking for an Sr. Product Security Engineer to lead the protection and defense of UMG’s digital applications and product ecosystem with an emphasis on securing artificial technology (AI). This role will focus on detecting, mitigating, and responding to AI-related security threats, ensuring that applications and services remain resilient against AI-cyber threats. In addition, you will help the team establish, lead, and execute multi-year roadmaps to mature AI security, drawing upon cross-functional partnerships to deliver security posture reviews on a repeatable basis and review new AI systems as they're developed.
How you’ll CREATE:
Conduct application and product security evaluations and lead AI security assessments in a cross-functional environment, driving finding remediations;
Secure AI Development Lifecycle: Procure and/or build technical solutions to embed automated security checks into the AI SDLC and ML-Ops;
AI Threat Modeling: Threat model complex Agentic and AI systems and design security requirements collaboratively with developers, architects, and business stakeholders;
Code Analysis: Review code for security bugs in the context of AI-driven systems;
GRC: Provide leadership for AI Security policies and standards in collaboration with technology risk;
AI/Agent SME: Provide AI/Agent subject matter expertise for AI Incidents and Security Reviews, and help develop incident response playbooks for AI-related security incidents; and,
Assist in the formation of an AI Center of Excellence (ACE).
Bring your VIBE:
10+ years experience in product security, application security, and/or DevSecOps;
You have strong knowledge of security of safety risks of LLMs and AI Agents;
You have 5+ Years of experience automating security checks, including SAST, SCA, and DAST, directly into CI/CD pipelines;
Extensive experience with STRIDE or other threat modeling frameworks;
You have knowledge and experience with technologies including K8s, Containers, CI/CD, and CSPs
Familiarity with function and purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (Examples LangChain, LlamaIndex, etc.).
#LI-remote
Perks Playlist:
Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren’t just values—they’re how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):
Comprehensive medical, dental, and vision coverage
Including 100% coverage for out-patient in-network mental health services
Fertility coverage for eligible medical plan participants
Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
Student Loan Repayment Assistance and Tuition Reimbursement
401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
A variety of ways to prioritize much-needed time away from work including:
Flexible Paid Time Off (PTO) for exempt employees
3-weeks PTO for non-exempt employees
2-weeks paid Winter Break
10 Company Holidays (including Juneteenth and Wellbeing Day)
Summer Fridays (between Memorial Day and Labor Day)
Generous paid parental leave for every type of parent
Check out our full overview of benefits on the Perks Playlist page of the career site.
Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer
We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.
For more information, please click on the following links.
E-Verify Participation Poster: English / Spanish
E-Verify Right to Work Poster: English | Spanish
Technology
Salary Range:
$161,350 - $199,785
The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.
Universal Music Group (UMG) is the world leader in music-based entertainment, with a broad array of businesses engaged in recorded music, music publishing, merchandising and audiovisual content in more than 60 countries. Featuring the most comprehensive catalog of recordings and songs across every musical genre, UMG identifies and develops artists and produces and distributes the most critically acclaimed and commercially successful music in the world. Committed to artistry, innovation and entrepreneurship, UMG fosters the development of services, platforms and business models in order to broaden artistic and commercial opportunities for our artists and create new experiences for fans.
Universal Music Group's labels include A&M Records, Astralwerks, Blue Note Records, Capitol Christian Music Group, Capitol Records, Capitol Records Nashville, Caroline, Decca, Def Jam Recordings, Deutsche Grammophon, Disa, Emarcy, EMI Records Nashville, Fonovisa, Geffen Records, Harvest, Interscope Records, Island Records, Machete Music, MCA Nashville, Mercury Nashville, Mercury Records, Motown Records, Polydor Records, Republic Records, Universal Music Latino, Verve Label Group, Virgin Records, Virgin EMI Records, as well as a multitude of record labels owned or distributed by its record company subsidiaries around the world. UMG's catalog is marketed through two distinct divisions, Universal Music Enterprises (in the U.S.) and Universal Strategic Marketing (outside the U.S.).
UMG also includes Universal Music Publishing Group, one of the industry's premier music publishing operations worldwide and Bravado, the leading provider of consumer, lifestyle and branding services to recording artists and entertainment brands around the world. Universal Music Group is a Vivendi company.
Find out more at: http://www.universalmusic.com.
View our current career opportunities at: http://www.umusiccareers.com
