We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

We are currently seeking a highly skilled Vulnerability Engineer to join our Vulnerability Management program. They will drive resolution of all identified IT vulnerabilities in a global enterprise to ensure the smooth and efficient ongoing operation of the UMG Global infrastructure. A high level of diverse technical skills for troubleshooting and problem analysis is required, along with the ability to clearly communicate the results of problem analysis to business stakeholders, IT support teams, and network providers to resolve operational issues quickly and effectively. This position requires established and proven experience in a global environment. In addition to having strong technical skills, you must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

• Demonstrate ability to anticipate security issues, identify emerging risks, and take initiative in vulnerability remediation without constant supervision. A track record of proactively addressing vulnerabilities and improving security processes is essential
• Prioritize and classify vulnerabilities based on risk impact, system criticality, and business context
• Drive resolution of identified vulnerabilities within 60 days of identification
• Administer and maintain the Veritas eDiscovery platform, ensuring its availability, security and proper configuration
• Administer and maintain Cortex XDR for endpoint detection and response
• Ensure compliance with data retention policies and assist legal and compliance teams with data retrieval and analysis requests
• Work with internal customers, teammates and 3rd party providers to ensure operational security of the cloud and server infrastructure
• Maintain high quality process and procedure documentation
• Maintain & enhance knowledge of key technologies and risks
• Communicate risk and remediation requirements clearly to both technical and non-technical stakeholders, including leadership and external auditors
• Automate the vulnerability reporting and remediation processes to improve efficiency and reduce manual intervention
• Participate in incident response activities related to vulnerability exploitation and provide remediation guidance.
• Participate in on-call rotation to respond to critical security alerts and events. Work out of standard business hours will occasionally be required

• 3+ years of hands-on experience in vulnerability management, remediation, or related cybersecurity roles
• 1-2 years of experience administering and maintaining Veritas eDiscovery platforms, including troubleshooting, upgrades and ensuring compliance with data retention requirements
• Experience with common vulnerability assessment tools (e.g., Nessus, Qualys, Tenable, OpenVAS)
• Knowledge of patch management processes and tools
• Must possess strong people skills and the ability to be both diplomatic and firm
• Experience in highly available 24x7x365 production environment
• Fluency in operating system administration and tools including: Microsoft, Mac OS X, Linux, Python, Powershell, etc.
• Proven experience with Amazon AWS and Microsoft Azure (Google Compute a plus) in an enterprise setting
• Manage time well in a high-interrupt operational environment. Handle the details of several technical tasks simultaneously
• Familiarity with VMware Tanzu CloudHealth
• Appropriate professional certifications

Education:

• Bachelor’s Degree in Computer Science or Engineering or closely related field or comparable education and experience.
• Certifications such as CISSP, CISA, Security+
• ITIL Foundation Certification strongly desired

Universal Music Group is an Equal Opportunity Employer.

Diversity & Inclusion

At Universal Music we are committed to fostering diversity and inclusivity as an equal opportunity employer. We encourage applicants from all backgrounds to apply for our roles regardless of their gender, race, ethnicity, nationality, age, sexual orientation, gender identity, intersex status, marital or family status, neurodiversity, religion or belief, disabilities, or socio-economic background. We also encourage people from all cultural backgrounds to apply, including First Nations people. It is through our diversity and inclusivity that we bring together different perspectives, enhancing our creative and evolving workplace. Music is Universal.

Disclaimer

The company presents this job description as a guide to the major areas and duties for which the jobholder is accountable.  However, the business operates in an environment that demands change and the jobholder's specific responsibilities and activities will vary and develop.  Therefore, the job description should be seen as indicative and not as a permanent, definitive and exhaustive statement.

Job Category: