Warner Music Group Jobs

Senior Security Engineer

Job Description:

At Warner Music Group, we’re a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. Here, we know that each talent makes our collective bolder and brighter. We are guided by four core principles that underpin everything we do across all our diverse businesses:

• Music is Everything : Music is our passion, and we can never get enough. Tastes, trends, and tech will change, but great artists and songwriters will always be our driving force.

• Global Growth, Local Expertise : Music is a global language. Through communication and collaboration, our success can come from anywhere and translate everywhere.

• Innovation and Insight : Pushing the boundaries requires the best information and the boldest imagination. We use both to create the future.

• Empowered by People : Like the artists we serve and the music they make, our differences make us stronger. This is a place where every talent can belong and build a career.

We remain committed to Diversity, Equity, and Inclusion. We know it fosters a culture where you can truly belong, contribute, and grow. We encourage applications from people of any age, gender identity, sex or sexual orientation, race, ethnicity, religion or belief, disability, and any other protected characteristic or identity.

Consider a career at WMG and get the best of both worlds – an innovative global music company that retains the creative spirit of a nimble independent.

Job Title: Senior Security Engineer

A little bit about our team:

Global team of dynamic, creative and collaborative problems solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization. This position will be called upon to represent IT organizations by internal and external organizations. An individual in this position is responsible for making the production systems more reliable by performing day-to-day operations including system monitoring, troubleshooting, problem identification, resolution and restoral following established and documented procedures and with minimal direction. This group is the digital thought and technology collective working with world class creative Media & Entertainment executives and their teams; acting as the trusted operators and strategic partners with them to deliver the best possible outcomes.

Your role:

This is an opportunity to move the needle and make a significant impact within a large global enterprise. Responsibilities include coordinating projects and resources as new business offerings and technologies are developed and implemented within Warner Music Group. Requires excellent communication and technical skills, while working closely with all business units within Warner Music Group in determining design criteria and proof of concept as they relate to each business offering. Other functionality includes acting as engineering liaison to outside engineering entities, project budget management, and vendor management. Collaborate, design and implement ideas with business leaders from whiteboard to digital delivery and be a true partner with our business leaders. Recognize that as a Service Organization we’re there to partner and steward the organization to operate efficiency, drive revenue and manage risk.

Here you’ll get to:

• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers

• Develop security strategy plans and roadmaps based on sound enterprise architecture practices

• Participate in application and infrastructure projects to provide security-planning advice

• Determine and refine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)

• Validate security configurations, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems

• Perform regular vulnerability testing of enterprise services and applications, assess results, prioritize, and coordinate remediation efforts with colleagues

• Ability to leverage SIEM platform for conducting forensic security investigations and identifying potential indicators of compromise (IOCs). Develop and use advanced, customized tools and scripts to enhance security assessments and proactive alerting

• Review all security reports and logs for unusual or anomalous activities

• Ability to perform secure application code review, and coordinate with development teams to advocate secure coding practices. Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts

• Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data

• Review all existing and new security technologies, tools and services, and make recommendations to the broader infrastructure team

• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle

• Participate in all information security related incident response activities

• Stay abreast of information security events, news, trends and evolving legislative/regulatory changes

About you:

• Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, DLP (Data Loss Prevention) and log management technology

• Experience managing and working with Security Operations Centers

• Direct experience managing and working with MSSP (managed security service providers)

• Direct experience leading an application security program (code reviews, pen testing)

• Verifiable experience reviewing application code for security vulnerabilities

• Direct, hands-on experience or a strong working knowledge of vulnerability management tools

• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services

• Modern Authentication Protocols- SAML, OAUTH

• Cryptography - Asymmetrical/Symmetrical encryption, hashing

• Scripting – PowerShell, Python, Bash, etc.

• Experience leading high profile security projects

We’d love it if you also had:

• CI/CD pipeline DEVSECOPS experience

• Cloud experience (AWS/Azure)

• Regulations, Standards and Frameworks

• Payment Card Industry Data Security Standard (PCI-DSS)

• Sarbanes-Oxley

• General Data Protection Regulation (GDPR)

• NIST Cybersecurity Framework (CSF)

About us:

As the home to Asylum, Atlantic, East West, Elektra, FFRR, Fueled by Ramen, Nonesuch, Parlophone, Rhino, Roadrunner, Sire, Warner Records, Warner Classics, and several other of the world’s premier recording labels, Warner Music Group champions emerging artists and global superstars alike. And our renowned publishing company, Warner Chappell Music, represents genre-spanning songwriters and producers through a catalogue of more than one million copyrights worldwide. Redefining what it means to be a music company in the 21st century, our consumer brands include trend-setters like UPROXX, Songkick, HipHopDX, and EMP. We’re the home to WMX – the next generation services division that connects artists with fans and amplifies brands in creative, immersive, and engaging ways – and Alternative Distribution Alliance (ADA) – the ground-breaking global distribution company for independent artists and labels.

Together, we are Warner Music Group: Music With Vision & Voice.

Love this job and want to apply?

Click the “Apply” link at the top of the page, or apply directly with your LinkedIn. Applying with LinkedIn will import all of the information you put in your profile, but will still allow you to upload a resume and cover letter.

Don’t be discouraged if you don’t hear from us right away. We’re taking our time to review all resumes, and to find the best people for WMG.

Thanks for your interest in working for WMG. We love it here, and think you will, too.

WMG is committed to inclusion and diversity in all aspects of our business. We are proud to be an equal opportunity workplace and will evaluate qualified applicants without regard to race, religion or belief, age, sex, sexual orientation, gender, gender identity or gender reassignment, marital or civil partnership status, disability, pregnancy, childbirth or any other characteristic protected by law.