Security Engineer


SoundExchange is the premier music tech organization on a mission to power the future of music. The organization collects and distributes digital performance royalties on behalf of more than 560,000 recording artists’ and master rights owners’ accounts and to date has paid more than $9 billion in distributions. Through unparalleled innovation of financial tech products and services, it distributes royalties to creator groups, advocates for fair pay across platforms, and creates systems that improve how the industry operates. Its proprietary fintech solutions help turn data into accurate revenue for creators and include Music Data Exchange (MDX) and International Standard Recording Codes (ISRC) Search.

Position Summary

Have you ever wanted to work in a technology role that directly impacts the music industry? Are you interested in contributing to a team that develops business solutions that benefit independent artists and music companies alike? Then join us at SoundExchange, where we have the privilege of serving the entire community of music creators and providers!

At SoundExchange, we have a cloud-based enterprise software platform and underlying infrastructure to support our rapidly growing and evolving business. We are a highly versatile and technical team, leveraging network engineering, application security, architecture, risk assessment and control alignment. We are seeking an individual to become a member of our IT Infrastructure team as a Security Engineer. The Security Engineer will work closely with other team members to provide a robust and reliant framework and processes for securing the company’s networks and systems.

The Security Engineer provides analysis of known and emerging threats to determine risks against SoundExchange assets and infrastructure. This role aligns with IT management on the creation, maintenance, governance, and communication of security policies and standards across the technical environment. This role ensures that compliance is maintained and SoundExchange’s assets are effectively managed and monitored to meet security policies, standards, and criteria. We are seeking an individual who is focused on delivery, prioritizes data-driven decisions over opinions, is a continuous learner, is passionate about information security, and loves their work.

Essential Functions

  • Evaluate a variety of deployment scenarios (e.g., on-prem, cloud, cloud-to-cloud, and hybrid), services, models, and technology to ensure they are secure and compliant across the company.
  • Regularly interact with internal teams and external vendors on security-related requirements, projects, issues, and operational tasks.
  • Provide situation-based analysis and support, using in-depth knowledge of SoundExchange technology, to ensure systems are designed in accordance with and are aligned with Company security requirements.
  • Create, review and present reports, position papers, assessment recaps to team, and other IT leaders.
  • Execute and lead advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents.
  • Identify, select, develop and document architecture artifacts (reference architectures, standards, policies, reusable designs, and best practices).
  • Research, learn, and assess new technologies.
  • Identify issues, lead discussions, and document solutions.
  • Promotes awareness of applicable security policies and standards and implements/coordinates remediation required by audits as necessary.
  • Know and evaluate current policies to provide risk analysis and implementation guidance.


  • 3 years of experience with one or more areas including: public cloud, virtual network, cloud security
  • 3-5 years of practical cloud information security experience
  • 5 years of information technology experience in an enterprise environment
  • Experience in information management and information technology security design and implementation
  • Demonstrate experience with analyzing security event logs from Windows, Unix, intrusion detection systems, network, and remote access solutions
  • Experience managing IDS / IPS / firewall systems in distributed/hybrid cloud environment
  • Demonstrate proficiency in creating conceptual, logical and physical security diagrams
  • Thorough understanding of vulnerabilities and countermeasures
  • Detailed understanding of TCP/IP and related communication protocols, Windows authentication mechanisms (Kerberos, NTLM, AD), networking technologies, software defined computing, containerization, routing and switching, and risk analysis and risk management methodologies
  • Able to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment
  • Excellent written and verbal communication skills (including reporting and presentations)
  • Solid knowledge of information security principles and practices as well as latest scalable technologies

COVID-19 Policy

Applicants who receive a conditional offer of employment will be required to disclose their COVID-19 vaccination status prior to beginning employment. Employees who are not fully vaccinated will not be permitted to access SoundExchange offices until they are fully vaccinated. As a condition of employment, all SoundExchange employees will be required to be fully vaccinated. SoundExchange will provide reasonable accommodations for employees who cannot be vaccinated because of a disability or sincerely held religious belief. Accommodation requests will be considered on a case-by-case basis.


To apply, please send a cover letter and résumé to [email protected].

Note: The above statements are intended to describe the general nature and level of work being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. Management reserves the right to modify, add, or remove duties and to assign other duties as necessary.