Established in 2015, Create Music Group is a leading music and entertainment company. The company operates as a record label, distribution company, and entertainment network which generates over 15 billion music streams each month on DSPs. Named #2 on the Inc 5000 Fastest Growth Companies in America in 2020, the company has grown exponentially by leveraging its owned IP with its media and technology platform. The company works with superstar artists, major and independent record labels, and global media brands. It operates a number of companies including Label Engine, one of the largest independent music distribution platforms in the world, with over 75,000 artists and 5,000 label clients; and Flighthouse, a digital entertainment brand focused on Gen Z, which has more than 300 million followers across social media. Create Music Group is based in Hollywood, CA and has 400 employees worldwide.
Job Summary
The Senior Application & Cloud Security Engineer will serve as the foundational security hire within the Technology organization, reporting to the VP of Data Engineering. This role will own and drive security across CMG's application portfolio and multi-cloud infrastructure (AWS + GCP). The role sits at the intersection of engineering and security—working hands-on to harden Label Engine (PHP/Laravel on AWS, processing >$1B in royalties), secure the expanding GCP-based CreateOS data and AI platform, and operationalize the company's broader security roadmap covering identity management, endpoint protection, vulnerability management, incident response, and compliance.
Responsibilities
- Lead application security for Label Engine (PHP 8.x / Laravel / MySQL / Redis / Elasticsearch) and web applications across the portfolio
- Secure royalty processing, accounting, and payment workflows handling sensitive financial data
- Implement and manage SAST, DAST, and SCA tooling integrated into CI/CD pipelines
- Conduct code-level security reviews (OWASP Top 10, Laravel-specific attack vectors)
- Define and enforce API security standards (OAuth 2.0, rate limiting, input validation)
- Secure and harden AWS infrastructure (EC2, RDS, S3, CloudFront, Lambda, IAM, VPC)
- Secure GCP environments for CreateOS (BigQuery, Pub/Sub, Cloud Run/GKE, IAM)
- Implement CSPM across AWS and GCP; enforce guardrails and compliance baselines
- Harden container/Kubernetes security, secrets management, and network policies
- Support identity federation/SSO with Rippling as primary IDP
- Build out security monitoring, SIEM, incident response, and vulnerability management
- Help operationalize CMG's security roadmap across all security domains
- Other duties as assigned
Qualifications
- 5+ years of experience in application security, cloud security, or security engineering roles
- Bachelor's degree in Computer Science, Cybersecurity, or related field preferred (not required with equivalent experience)
- Strong PHP/Laravel application security expertise
- Deep AWS security knowledge (IAM, VPC, S3, KMS, CloudTrail, GuardDuty, Security Hub, WAF)
- Solid GCP security experience (IAM, VPC Service Controls, Security Command Center, Cloud Armor)
- Proficiency with SAST/DAST/SCA tools (Semgrep, SonarQube, Snyk, Burp Suite, OWASP ZAP)
- Experience securing financial transaction / payment processing applications
- Container security (Docker, Kubernetes/GKE), image scanning, runtime protection
- Strong IAM understanding: SAML, OIDC, SCIM, MFA, privileged access management
- Familiarity with SOC 2, ISO 27001, NIST CSF, CIS Benchmarks
- SIEM/log management experience with detection and alerting rules
- Preferred: PCI-DSS compliance, IaC security (Terraform), music/media industry experience
- Preferred: AWS Security Specialty, GCSPE, OSCP, GWAPT, or CISSP certifications
Pay Scale
- $120,000 - $135,000 CAD per year
- The final compensation within this range will be determined based on the candidate’s experience, skills, and overall fit for the role.