Skillhouse Internal Career Opportunity
Security Engineer/Vulnerability Management Engineer (7223)
Employment Type:
Haken
Working Hours:
Japanese Level - None, English Level - Advanced (TOEIC 860)
Salary
Description
The Cyber Security Defense Department of an IT Service firm is looking for a Security Engineer (Vulnerability Management Engineer). This position will primarily focus on providing comprehensive support for vulnerability remediation and audits, ensuring effective and efficient resolution of vulnerabilities reported by scanners during DevSecOps. While security testing responsibilities are included, the main focus of this role is to assist development teams in remediating vulnerabilities. The ideal candidate is a passionate security professional with excellent communication skills and the attention to detail needed to understand, explain, and track vulnerabilities.
Responsibilities:
- Vulnerability Remediation Support
  - Provide support for remediating vulnerabilities identified through DevSecOps scanners (e.g., SAST, DAST, SCA)
  - Assist development teams in understanding vulnerability reports and recommend appropriate remediation strategies
  - Assist in reviewing security remediation or justification evidence provided by development teams to ensure effectiveness and compliance with security policies
  - Manage vulnerability remediation status in the internal ticket system, ensuring timely updates, proper tracking, and escalation of overdue items
  - Collaborate with security engineers and developers to improve the overall vulnerability management process
  - Act as a primary point of contact for development teams regarding vulnerability remediation efforts
  - Proactively communicate with development teams to ensure timely remediation of vulnerabilities
- Security Testing on Web Application/API
  - Perform application penetration testing to discover vulnerabilities in target web applications and APIs, following industry standards such as the OWASP web security testing methodology, using Burp Suite
  - Run network scans using tools such as Nmap and Nessus
  - Create vulnerability tickets to report the findings from security testing and share them during the debriefing meeting
  - Conduct kick-off meetings and connection checks to ensure the provided test information is sufficient before starting the security testing
  - Perform vulnerability management, including follow-up and re-verification of vulnerabilities after remediation
Required Skills:
- Understanding of common web application vulnerabilities (OWASP Top 10) and remediation techniques
- Experience with vulnerability scanners (SAST, DAST, SCA) and their output
- Familiarity with JIRA or other ticketing systems
- Excellent written and verbal communication skills, with the ability to explain technical concepts to both technical and non-technical audiences
Why should you apply:
- This is a long-term opportunity with a chance to become a permanent employee
- You will be working with international team members
- Free breakfast, lunch and dinner at the cafeteria
Company Details:
A global company with a strong presence in multiple business areas. It has achieved sustained growth both domestically and internationally, including in the U.S. and Europe. The company boasts a diverse and international environment and is committed to equal opportunity, offering a wealth of career opportunities. Due to the diverse nature of our business, we handle a wide range of technologies! You can also choose the environment you are most comfortable with, such as Windows/Mac! Meals in the company cafeteria are also free. Our chefs are always coming up with new menu items, so you can enjoy your meal without getting bored!
Working hours: 9:00 - 17:30 (Mon-Fri)
Working Style: Hybrid (4 days in office, 1 day work from home)
Holidays: Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
Services/Benefits: Social insurance, DC Pension Plan, Transportation Fee, Skillhouse University, Test payback system, and more