Application/Cloud Security Lead - Warner Music Inc. Toronto, Ontario Bookmark Share Print 57 0 0

Listing Description

At Warner Music Group, we’re a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. Here, we know that each talent makes our collective bolder and brighter. 

Technology is one of the most important parts of our business. Whether it’s signing up new artists; ensuring we provide the right data  to Spotify, YouTube, and other digital service providers; or helping artists use the latest AI tools and make thoughtful decisions with data-driven insights – technology plays an invaluable role in our success. The engineering team at Warner Music Group makes all of it a reality. 

Team Overview
Global team of dynamic, creative and collaborative problems solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization.  This position will be called upon to represent IT organizations by internal and external organizations.  An individual in this position is responsible for making the production systems more reliable by performing day-to-day operations including system monitoring, troubleshooting, problem identification, resolution and restoral following established and documented procedures and with minimal direction. This group is the digital thought and technology collective working with world class creative Media & Entertainment executives and their teams; acting as the trusted operators and strategic partners with them to deliver the best possible outcomes.

- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Develop security strategy plans and roadmaps based on sound enterprise architecture practices
-Participate in application and infrastructure projects to provide security-planning advice
- Ability to perform secure application code review, and coordinate with development teams to advocate secure coding practices. 
- Provide guidance for security activities in the system development life cycle (SDLC) and application development efforts
- Plan and schedule penetration tests of our application environment
- Run code review process and integrate into CI/CD pipeline
- Execute cloud security processes and highlight risks for remediation
- Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data
- Review all existing and new security technologies, tools and services, and make recommendations to the broader infrastructure team
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle
- Participate in all information security related incident response activities
- Stay abreast of information security events, news, trends and evolving legislative/regulatory changes

- 10+ years previous hands-on network administration using the following skills
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, DLP (Data Loss Prevention) and log management technology
- Direct experience managing and working with MSSP (managed security service providers)
- Direct experience leading an application security program (code reviews, pen testing)
- Verifiable experience reviewing application code for security vulnerabilities
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
- Modern Authentication Protocols- SAML, OAUTH
- Cryptography - Asymmetrical/Symmetrical encryption, hashing
- Scripting – PowerShell, Python, Bash, etc.
- Experience leading high profile security projects

- CI/CD pipeline DEVSECOPS experience
- Cloud experience (AWS/Azure)
- Regulations, Standards and Frameworks
- Payment Card Industry Data Security Standard (PCI-DSS)
- Sarbanes-Oxley
- General Data Protection Regulation (GDPR)
- NIST Cybersecurity Framework (CSF)
About us:
As the home to 300 Elektra, Asylum, Atlantic, East West, FFRR, Fueled by Ramen, Nonesuch, Parlophone, Rhino, Roadrunner, Sire, Warner Records, Warner Classics, and several other of the world’s premier recording labels, Warner Music Group champions emerging artists and global superstars alike. And our renowned publishing company, Warner Chappell Music, represents genre-spanning songwriters and producers through  a catalogue of more than one million copyrights worldwide. Redefining what it means to be a music company in the 21st century, our consumer brands include trend-setters like UPROXX, Songkick, HipHopDX, and EMP. We’re the home to WMX – the next generation services division that connects artists with fans and amplifies brands in creative, immersive, and engaging ways – and Alternative Distribution Alliance (ADA) – the ground-breaking global distribution company for independent artists and labels. 
Together, we are Warner Music Group: Music With Vision & Voice. 

WMG is committed to inclusion and diversity in all aspects of our business. We are proud to be an equal opportunity workplace and will evaluate qualified applicants without regard to race, religious creed, color, age, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, marital status, medical condition as defined by state law (genetic characteristics or cancer), physical or mental disability, military service or veteran status, pregnancy, childbirth and related medical conditions, genetic information or any other characteristic protected by applicable federal, state or local law.

Copyright © 2023 Warner Music Inc.

Links to relevant documents:

Love this job and want to apply?

Click the “Apply” link at the top of the page, or apply directly with your LinkedIn. Applying with LinkedIn will import all of the information you put in your profile, but will still allow you to upload a resume and cover letter.
Don’t be discouraged if you don’t hear from us right away. We’re taking our time to review all resumes, and to find the best people for WMG.
Thanks for your interest in working for WMG.  We love it here, and think you will, too.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided


  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765