IT Security Engineer
This is an amazing opportunity to join a global financial firm that utilizes cutting edge technology.
The successful candidate will work at the Service Delivery Division of The Risk Reduction Engineering team. The Service Delivery division provides assurance for the services they provide.
This includes important functions ranging from Service Reliability Engineering to Security Engineering to creating cutting edge internal tooling. The Risk Reduction Engineering team in tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects. These defects are shepherded to their solutions with guidance from RRE.
IT Security Engineer is responsible for help define and support secure continuous delivery approaches including tools and automated processes.
They are looking for a person with strong interpersonal/communication skills although language is not the most important part. It's about "communicating"- means building mutual trust and having a lot of patience in helping teams, understand security problems and being kind when mistakes are made.
We also want someone who is confident in their engineering skills because they know they are good (and we better ensure that's the case). The person has a strong "what if" mentality and is able to really prove the "why's".
ROLES AND RESPONSIBILITIES
- Help define security requirements within the cloud environment around automation CI/CD, access controls,authorization, authentication, network, automated compliance, alerting and forensics
- Assist with application security testing and code reviews
- Perform security reviews, identifying gaps in secure architecture and design
- Co-create security policies and standards
- Review and design application security controls
- Research information security standards for adoption
- Develop secure coding policies, procedures and standards
- Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
【会社概要 | Company Details】
Our client is a global consulting firm that established a Japanese corporation in 2014. They have strengths in M&A and business strategies, boasting an error rate close to zero.
【就業時間 | Working Hours】
9:15 - 17:15（Mon - Fri）
【休日休暇 | Holidays】
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
【待遇・福利厚生 | Services / Benefits】
Social insurance, Transportation Fee, No smoking indoors allowed (Designated smoking area), etc.
- Solid knowledge and experience in cloud computing (specifically Microsoft Azure)
- Solid understanding of public cloud (Azure, AWS, GCS, etc)
- Practical application of secure engineering principles
- Practical experience with SAST and DAST tools and workflows
- Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity and access control management toolsets
- Experience with third party tools (e.g. Splunk, Elastisearch etc) to analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
- Threat modeling