Overview

Application Security Engineer – Nashville, 37203, United States of America

How we LEAD:

We are currently seeking an Application Security Engineer to join UMG’s global Tech Security & Identity organization. Reporting to the Manager, Security Engineering and Vulnerability, this role is responsible for improving the security of internally developed applications and cloud services by partnering closely with engineering, infrastructure, and product teams to integrate security throughout the software development lifecycle.

The Application Security Engineer will serve as a trusted technical advisor, performing application security assessments, supporting secure software development practices, and helping engineering teams identify and address security risks early in the development process. This role combines hands-on technical expertise with collaboration across development and security teams to strengthen UMG’s application security posture while enabling innovation.

The ideal candidate has experience in application security, secure software development, cloud-native technologies, and developer enablement, along with strong communication skills and a passion for building secure software.

How you’ll CREATE:

  • Perform application security assessments, threat modeling, and secure design reviews for internally developed and third-party applications.

  • Conduct application security testing using static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), API security testing, and manual validation techniques.

  • Review source code and provide secure coding guidance based on OWASP best practices and secure development principles.

  • Partner with software engineering teams to identify security risks and recommend practical remediation strategies throughout the software development lifecycle.

  • Collaborate with DevOps teams to integrate application security testing into CI/CD pipelines and software delivery workflows.

  • Provide security architecture guidance for new applications, APIs, cloud-native services, and technology integrations.

  • Support implementation of modern authentication and authorization technologies, including OAuth, OpenID Connect (OIDC), SAML, and other identity standards.

  • Evaluate, implement, and maintain application security tools and help improve security testing coverage across the development lifecycle.

  • Develop automation and scripting to improve application security testing, reporting, and engineering workflows.

  • Participate in security reviews for new technologies, cloud services, and third-party applications.

  • Support investigation and remediation of application-layer security incidents and vulnerabilities when required.

  • Create reusable security guidance, reference architectures, and technical documentation to improve secure development practices across engineering teams.

  • Deliver secure coding guidance and developer education to promote security-by-design principles.

  • Collaborate with security, infrastructure, and identity teams to continuously improve enterprise application security capabilities.

Bring your VIBE:

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent practical experience.

  • 5+ years of experience in Application Security, Security Engineering, Software Engineering, or a related discipline with a security focus.

  • Experience performing application security assessments, threat modeling, and secure architecture reviews.

  • Strong understanding of secure coding principles and common application vulnerabilities, including the OWASP Top 10 and OWASP API Security Top 10.

  • Experience with application security testing technologies including SAST, DAST, SCA, API security testing, and penetration testing methodologies.

  • Experience working with modern application architectures, REST APIs, microservices, and cloud-native technologies.

  • Experience integrating security into CI/CD pipelines and DevSecOps workflows.

  • Experience working within AWS, Azure, or Google Cloud Platform environments.

  • Knowledge of modern authentication and authorization technologies including OAuth, OpenID Connect (OIDC), SAML, and JWT.

  • Understanding of security frameworks and standards including OWASP, NIST Cybersecurity Framework, and ISO 27001.

  • Strong analytical, problem-solving, and communication skills with the ability to work effectively across technical and non-technical teams.

Desirable Qualifications

  • Experience implementing Secure Software Development Lifecycle (SSDLC) practices within Agile development environments.

  • Experience with application security platforms such as GitHub Advanced Security, Microsoft Defender for Cloud, Checkmarx, Veracode, Burp Suite, Semgrep, or similar tools.

  • Experience with container security, Kubernetes, and Infrastructure as Code security.

  • Experience developing automation using Python, PowerShell, or similar scripting languages.

  • Experience performing security assessments of cloud-native applications and APIs.

  • Professional certifications such as CSSLP, GIAC GWEB, AWS Certified Security Specialty, Security+, CISSP, or equivalent.

  • Experience working within large global enterprise environments.

  • Experience in media, entertainment, or similarly distributed global organizations.

                                                                                                 

Before you apply -
Register now and turn on alerts for jobs like this!

  • To apply for this position, receive job notifications and manage your applications, click "Register with Diversity Jobs Group".
  • To apply for this position without registering, click "Apply with Customer".

By registering you agree to our terms and conditions.

Apply with Customer

IMPORTANT: Before applying for this role, please make sure you have the right to work in the country where the role is based. Unless it clearly stipulates within in the job advert above that the hiring company is looking to or able to sponsor applicants it is deemed that the hiring employer will only consider applications from those able to comply with and work in the country where the role is based.