Product Security & Information Security Analyst

At Sony Music Publishing (“SMP”), we believe every voice matters. We are the #1 global music publisher, advancing the artistry of the world’s greatest songwriters and composers for over 25 years. We keep songwriters at the forefront of everything we do, and design our suite of services to amplify opportunities, build connections, and defend their rights. Our roster benefits from an international team committed to providing support at every career stage. From classic catalogues to contemporary hitmakers, history is always being written. We are a part of the Sony family of global companies. Learn more about SMP at https://www.sonymusicpub.com/en.

Why join Sony Music Group?

Here at Sony Music Group, we are shaping what’s next in a way that creates impact. Forging powerful new ideas at the heart of music, technology, and culture that entertain and move people.

This is your opportunity. Part of a global community, united by individual passion, rising to that challenge every day. Adapting at pace and supporting one another, inspired to influence the future. For the benefit of you, our people; our creators, our business, and wider society too.

Be a part of an organization that is creator first. Committed to fueling excellence and always imagining more, while fostering a supportive culture, one where we elevate each other and act responsibly.

What You’ll Do: (job responsibilities)

• Product Security Responsibilities:
• Conduct security assessments and code reviews on products/applications built by development teams (full stack, data, UI, cloud)
• Integrate security into the DevOps lifecycle and ensure secure development practices are followed
• Participate in threat modeling exercises and recommend security controls.
• Collaborate with product teams to define and maintain security standards, policies, and guidelines.
• Provide product security training and awareness to development teams.
• Evaluate and manage security risks associated with third-party vendors, libraries, and open-source components.
• Review architecture diagrams and design documents provided by development teams to identify potential security weaknesses and recommend improvements.

Information Security Responsibilities:

• Assist in incident response, triage, analysis, and remediation efforts.
• Develop and deliver security training and awareness programs for the organization.
• Perform vulnerability management including identification, prioritization, and remediation tracking.
• Coordinate risk assessments and monitor risk treatment plans.
• Analyze and provide guidance on information security policies and compliance requirements.
• Collaborate with relevant stakeholders to ensure that security practices align with data protection requirements and industry standards.
• Stay current with security trends, threats, and best practices, actively sharing knowledge to enhance security awareness and promote secure practices.

Who You Are: (skills and experience required)

• Bachelor's degree in computer science, Information Security, or a related field, or equivalent professional experience.
• 3+ years of experience in product security, application security, or information security roles.
• Relevant industry certifications (e.g. CSSLP, GCSA, GWAPT, AWS Certified Solutions Architect – Associate, AWS Certified Security – Specialty)
• Strong knowledge of web application security, secure coding practices, and OWASP Top 10.
• Understanding of CI/CD best practices, Git, and related security practices, including secure pipeline development and version control security.
• Experience with security testing tools (SAST/DAST)
• Familiarity with programming languages such as SQL/NoSQL, Angular, Typescript, Node.js, PHP, .NET, Java used by development teams.
• Understanding of cloud security concepts, database security, and data protection.
• Knowledge of the AWS cloud ecosystem, best practices, and security features.
• Strong communication, critical thinking, problem-solving, analytical, and collaboration skills.
• Ability to work effectively with cross-functional and international teams, including product and security operations.
• Limited Travel Required.
• Must be authorized to work in the United States.
• 7.5-hour business workday. Hybrid 3-4 days/week in office

What We Give You:

• Cutting-edge challenges in a fast-paced environment, where you will have the opportunity to apply your skills and expertise to stay ahead of emerging threats.
• You join an inclusive, collaborative and global community where you have the opportunity to fuel the creative journey.
• A modern office environment designed to foster productivity, creativity, and teamwork.
• An attractive and comprehensive benefits package including medical, dental, vision, life & disability coverage, and 401K + employer matching.
• Voluntary benefits like company-paid identity theft protection and resources for pets, mental health and meditation resources, industry-leading fertility coverage, fully paid leave for childbirth or bonding, fully paid leave for caregivers, programs for loved ones with developmental disabilities and neurodiversity, subsidized back-up child and elder care, and reimbursement for adoption, surrogacy, tuition and student loans.
• We invest in your professional growth & development.
• Continuous learning opportunities, to enhance your skills and advance your career in cybersecurity.
• Flexible Time Off.
• Time off for a winter recess.

DISCLAIMER:

The anticipated annual base salary for this position is $95,000 - $107,000. This range does not include any other compensation components or other benefits that an individual may be eligible for. The actual base salary offered depends on a variety of factors, which may include as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job.

Sony is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex (including pregnancy), gender, national origin, citizenship, ancestry, age, physical or mental disability, military status, status as a veteran or disabled veteran, sexual orientation, gender identity or expression, marital or family status, genetic information, medical condition, or any other basis protected by applicable federal, state, or local law, ordinance, or regulation.

EEO is the Law

EEO is the Law Supplement

Right to Work (English/Spanish)

E-Verify Participation (English/Spanish)