Senior Manager, Cybersecurity Engineer.
Job Description
We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
Job Summary:
Universal Music Group (UMG) is a global music company engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute, and promote critically acclaimed and commercially successful music for fans worldwide.
The Senior Manager Cybersecurity Engineer reports to the Senior Vice President, Global Cybersecurity & Crisis Management. The ideal candidate is highly motivated and has 7+ years of experience in enterprise security solutions and incident response. This role supports the Global Security Office (GSO) mission by leading responses to security events and incidents, including triage, containment, remediation, and post-incident improvements. The position works closely with technology teams, application teams, and business units.
This role supports SecOps, Insider Threat, and Business Resiliency and partners with other GSO teams. It offers opportunities to learn and grow across a range of security technologies.
Job Functions:
· Lead the log management strategy, including setup, maintenance, log collection, analysis, and retention, to support investigations and compliance requirements
· Manage and maintain security monitoring and maintenance tools (e.g., SIEM, IDS/IPS, EDR) to ensure effective threat detection and visibility
· Monitor, analyse, and respond to security events across enterprise systems, cloud environments, and web applications
· Support the website protection program, including defences against web-based threats (e.g., DDoS, OWASP Top 10), and manage vendors providing WAF, CDN, and related technologies
· Develop and implement security controls, guardrails, and detection use cases
· Drive improvements to Threat Detection & Response (TDR) capabilities and overall security operations maturity
· Lead the end-to-end security incident lifecycle, including triage, containment, remediation, and post-incident improvements
· Conduct forensic investigations, root cause analysis, and vulnerability assessments
· Automate security processes using scripting, APIs, and SOAR tools
· Ensure compliance with internal policies, standards, and regulatory requirements
· Develop and maintain documentation, including runbooks and standard operating procedures
· Collaborate with cross-functional teams on secure architecture and deployments for systems and services
· Lead and deliver cybersecurity projects and initiatives
· Perform other duties as assigned
Job Requirements:
Skills/Abilities:
· Strong knowledge of log management, analysis, forensic investigations, and vulnerability management
· Strong knowledge of security operations, incident response, and threat detection methodologies
· Experience with security monitoring technologies (e.g., SIEM, IDS/IPS, EDR, WAF, proxy solutions)
· Experience securing internet-facing applications and services
· Knowledge of threat frameworks (e.g., MITRE ATT&CK, NIST)
· Excellent written and verbal communication skills
· Self-motivated, detail-oriented, and collaborative, with strong analytical skills
· Effective at managing multiple priorities and concurrent projects in a fast-paced, global environment while consistently meeting tight deadlines
· Experience monitoring and responding to security incidents across traditional platforms (Windows, Mac, Linux) and cloud environments (e.g, AWS, Azure, GCP)
· Ability to lead complex security investigations
· Proficiency with Linux administration
· Ability to build basic Boolean queries and regex search strings
· Familiarity with enterprise security controls and best practices for Windows, Linux, and Mac systems
Experience:
· 7+ years of cybersecurity experience, with a focus on security operations and incident response or information technology
· Experience with enterprise and cloud environments (e.g., AWS, Azure, GCP)
· Experience with SIEM platforms
· Experience with web and application security technologies (e.g., WAF, CDN platforms such as Akamai or Cloudflare)
Education:
· Bachelor’s degree, industry certification, or equivalent work experience
Additional Requirements:
· Ability to work across global time zones and participate in the on-call SIRT Duty Officer rotation, including weekends and holidays
· Ability to work under pressure and respond to high-impact security incidents
Perks Playlist:
Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren’t just values—they’re how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):
Comprehensive medical, dental, and vision coverage
Including 100% coverage for out-patient in-network mental health services
Fertility coverage for eligible medical plan participants
Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
Student Loan Repayment Assistance and Tuition Reimbursement
401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
A variety of ways to prioritize much-needed time away from work including:
Flexible Paid Time Off (PTO) for exempt employees
3-weeks PTO for non-exempt employees
2-weeks paid Winter Break
10 Company Holidays (including Juneteenth and Wellbeing Day)
Summer Fridays (between Memorial Day and Labor Day)
Generous paid parental leave for every type of parent
Check out our full overview of benefits on the Perks Playlist page of the career site.
Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer
We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.
Please note, UMG is not enrolled in E-Verify in California and New York, and cannot support employment of candidates whose employer must enroll in E-Verify, for example candidates on STEM-OPT.
For more information, please click on the following links.
E-Verify Participation Poster: English / Spanish
E-Verify Right to Work Poster: English | Spanish