Cybersecurity Engineer

At Sony Music Publishing (“SMP”), we believe every voice matters. We are the #1 global music publisher, advancing the artistry of the world’s greatest songwriters and composers for over 25 years. We keep songwriters at the forefront of everything we do, and design our suite of services to amplify opportunities, build connections, and defend their rights. Our roster benefits from an international team committed to providing support at every career stage. From classic catalogues to contemporary hitmakers, history is always being written. We are a part of the Sony family of global companies. Learn more about SMP at https://www.sonymusicpub.com/en.

Why join Sony Music Group?

Here at Sony Music Group, we are shaping what’s next in a way that creates impact. Forging powerful new ideas at the heart of music, technology, and culture that entertain and move people.

This is your opportunity. Part of a global community, united by individual passion, rising to that challenge every day. Adapting at pace and supporting one another, inspired to influence the future. For the benefit of you, our people; our creators, our business, and wider society too.

Be a part of an organization that is creator first. Committed to fueling excellence and always imagining more, while fostering a supportive culture, one where we elevate each other and act responsibly.

What You’ll Do: (job responsibilities)

• Conduct vulnerability assessments and manage the vulnerability management lifecycle across cloud and on-premises environments.
• Ensure the implementation and maintenance of cloud security controls, configurations, and best practices, with a focus on AWS cloud security and basic knowledge of Azure cloud.
• Define and establish secure deployment and configuration practices for serverless and container technologies.
• Enhance risk assessment processes and monitor risk treatment plans within the assigned scope.
• Support application security efforts, collaboration with development teams, and integration into DevOps processes.
• Assist in incident response and security incident triage, analysis, and remediation.
• Participate in threat modeling exercises and provide security recommendations.
• Contribute to the development and implementation of security policies, standards, and procedures.
• Develop and implement metrics to measure the effectiveness of security controls, and provide regular reporting on the organization's security posture.
• Review architecture diagrams and design documents provided by development teams to identify potential security weaknesses and recommend improvements.
• Collaborate with relevant stakeholders to ensure that security practices align with data protection requirements and industry standards.
• Stay current with security trends, threats, and best practices, actively sharing knowledge to enhance security awareness and promote secure practices.

Who You Are: (skills and experience required)

• Bachelor’s degree in computer science, Information Security, or equivalent professional experience.
• Minimum of 5 years of experience in cybersecurity, cloud security, or information security roles.
• Strong understanding of cloud security principles.
• Strong knowledge of the AWS cloud ecosystem, including the Well-Architected Framework, best practices, and security features.
• Experience with Azure cloud security is beneficial.
• Experience with vulnerability management tools and processes.
• Knowledge of security incident response processes and procedures.
• Hands-on experience with security tools and technologies (e.g., SIEM, EDR, WAF, etc.)
• Strong communication, critical thinking, problem-solving, analytical, and collaboration skills.
• Excellent communication and collaboration abilities to work with cross-functional teams.
• Proactive and self-motivated approach to driving cybersecurity initiatives.
• Relevant industry certifications (e.g., CISSP, CRISC, GSEC, CASP+, CySA+, AWS Security Specialty, AWS AI Practitioner)
• Limited travel required.
• Must be authorized to work in the United States.
• 7.5-hour business workday. Hybrid 3-4 days/week in office.

What We Give You:

• Cutting-edge challenges in a fast-paced environment, where you will have the opportunity to apply your skills and expertise to stay ahead of emerging threats.
• You join an inclusive, collaborative and global community where you have the opportunity to fuel the creative journey.
• A modern office environment designed to foster productivity, creativity, and teamwork.
• An attractive and comprehensive benefits package including medical, dental, vision, life & disability coverage, and 401K + employer matching.
• Voluntary benefits like company-paid identity theft protection and resources for pets, mental health and meditation resources, industry-leading fertility coverage, fully paid leave for childbirth or bonding, fully paid leave for caregivers, programs for loved ones with developmental disabilities and neurodiversity, subsidized back-up child and elder care, and reimbursement for adoption, surrogacy, tuition and student loans.
• We invest in your professional growth & development.
• Continuous learning opportunities, to enhance your skills and advance your career in cybersecurity.
• Flexible Time Off.
• Time off for a winter recess.

Sony is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex (including pregnancy), gender, national origin, citizenship, ancestry, age, physical or mental disability, military status, status as a veteran or disabled veteran, sexual orientation, gender identity or expression, marital or family status, genetic information, medical condition, or any other basis protected by applicable federal, state, or local law, ordinance, or regulation.