Senior Artificial Intelligence Product Security Engineer

Universal Music Group is the world’s leading music company, committed to artistry, innovation and entrepreneurship. They are seeking a Senior Product Security Engineer to lead the protection and defense of UMG’s digital applications and product ecosystem, focusing on securing artificial intelligence technology against cyber threats.

Responsibilities:

• Conduct application and product security evaluations and lead AI security assessments in a cross-functional environment, driving finding remediations
• Secure AI Development Lifecycle: Procure and/or build technical solutions to embed automated security checks into the AI SDLC and ML-Ops
• AI Threat Modeling: Threat model complex Agentic and AI systems and design security requirements collaboratively with developers, architects, and business stakeholders
• Code Analysis: Review code for security bugs in the context of AI-driven systems
• GRC: Provide leadership for AI Security policies and standards in collaboration with technology risk
• AI/Agent SME: Provide AI/Agent subject matter expertise for AI Incidents and Security Reviews, and help develop incident response playbooks for AI-related security incidents; and
• Assist in the formation of an AI Center of Excellence (ACE)

Requirements:

• 10+ years experience in product security, application security, and/or DevSecOps
• Strong knowledge of security of safety risks of LLMs and AI Agents
• 5+ Years of experience automating security checks, including SAST, SCA, and DAST, directly into CI/CD pipelines
• Extensive experience with STRIDE or other threat modeling frameworks
• Knowledge and experience with technologies including K8s, Containers, CI/CD, and CSPs
• Familiarity with function and purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (Examples LangChain, LlamaIndex, etc.)