Cyber Security Testing Analyst

This is a Full Time Job

Sony Music is looking for a motivated and passionate early career individual to join our Global Information Security team as a cyber security testing analyst.

In this role, you will contribute to hands-on security testing and assurance activities, collaborate closely with engineering and technology teams, and continuously develop your technical and analytical skills. You will help identify weaknesses before they become incidents and support efforts to strengthen the security of systems that protect sensitive data such as credentials, personal information, and business-critical content.

What you'll do:
• Conduct technical security testing of applications, systems, APIs, websites, and supporting infrastructure in partnership with other members of the Global Information Security team
• Participate in vulnerability assessments, penetration testing activities, and security validation efforts using a mix of manual techniques and automated tools
• Perform manual assessments that may include structured Q&A-based evaluations, evidence review, and technical validation of controls implemented by engineering or platform teams
• Analyze findings, validate risk, and assist with clear documentation of security issues to support effective remediation by engineering and technology teams
• Collaborate with developers, platform owners, and product teams to answer security questions, clarify findings, and support secure design decisions
• Research emerging threats, vulnerabilities, tooling, and attack techniques (including those involving automation and AI-enabled threats) and assess their potential relevance to Sony Music
• Contribute to the ongoing evolution of security testing playbooks, processes, and documentation to improve consistency and coverage over time
• Develop proficiency with modern security tools, scripting, and testing approaches as part of your on-the-job learning and professional growth

Who you are:
• You have 2 years of hands-on experience working in an enterprise environment within the cyber security field, ideally in security testing, vulnerability management, application security, or a closely related discipline
• You’ve participated in real-world security assurance activities, including hands-on testing and structured security assessments based on technical questionnaires, evidence review, and control validation
• You are comfortable evaluating technical security controls even when the work involves discussion, documentation, or Q&A – not just running tools or exploits
• You understand how security operates at scale, including exposure to enterprise environments, shared services, multiple stakeholders, and operational constraints
• You bring curiosity to how systems behave under both normal and abnormal conditions, and you naturally dig deeper than surface-level scan results
• You know when and how to responsibly leverage AI and LLMs in your work – such as accelerating research, analyzing findings, drafting documentation, or exploring potential attack paths – while understanding their limitations, risks, and the importance of human judgment
• You communicate clearly and professionally, especially when explaining technical security issues and risk to audiences with varying levels of technical depth
• You are methodical, detail-oriented, and accountable for your work, with a strong sense of ownership over outcomes – not just tasks
• You are motivated to deepen your technical skills over time and interested in growing into more specialized security testing, assurance, or security engineering roles as your experience matures