【大手C2CEコマース】プロダクトセキュリティ

勤務形態
正社員
給与
7,000,000 JPY - 12,000,000 JPY per year
日本語レベル
なし
英語レベル
ビジネスレベル(TOEIC 860)
開始日
ASAP
勤務地
東京

職務内容

A famous Internet services company is hiring a security engineer to join their Security team in Tokyo. One of their team’s goals is to have development teams engaged with the security team as early as possible in the software development life cycle.

As a security engineer, you will perform threat modeling, code reviews, and security testing to minimize risks and ensure compliance. You will also collaborate with engineers from a variety of teams to architect and deliver projects securely. If necessary, you are even allowed to send a pull request to fix the bug as an example for developers. In addition, in this role, you will have an opportunity to improve Continuous Integration process for security, build automated test suites, integrate static analysis testing, creating tools to automate security tasks.

【Main Responsibilities】
‐ Review designs to define necessary security requirements based on threat models and attack trees.
‐ Review proposed architecture, such as infrastructure or information flows, and proposes a set of security controls in order to minimize risk.
‐ Review source code to find security bugs and coding errors.
‐ Conduct vulnerability assessments and penetration testing on the company's Web, API, iOS and Android Applications.
‐ Automate security checks and tests so that they can be easily and transparently plugged into the current CI/CD pipelines.
‐ Develop technical solutions to help mitigate security vulnerabilities.
‐ Maintain technical & security standards for web application and mobile application technologies.
‐ Educate developers on secure coding practices with workshops, talks, and lessons.
‐ Evaluate and investigate suspected security events/incidents and perform remediation in accordance with Incident Response plan/procedures.
‐ Collaborate with information security officers, legal team, and internal auditors on technical security matters.


【会社概要 | Company Details】
2013年に創業し、急成長しているC2CのEコマース企業です。グローバル展開にも意欲的で、オフィスも国際的な雰囲気です。
Our client is a fast growing C to C E-commerce company. Their selling application has become one of the largest marketplace in Japan.

【就業時間 | Working Hours】
10:00 - 19:00(Mon - Fri); Flextime

【休日休暇 | Holidays】
完全週休2日制(土日祝休み)、年末年始、年次有給休暇、その他特別休暇など
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays

【待遇・福利厚生 | Services / Benefits】
各種社会保険完備(厚生年金保険、健康保険、労災保険、雇用保険)、通勤交通費支給等
Social insurance, Transportation Fee

必須スキル

‐ Have strong programming skills with one or more programming languages including but not limited to: Go, PHP, Java, Ruby, Python, C/C++, Objective-C, Swift, Kotlin, or JavaScript.
‐ Experience analyzing the security of systems (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.).
‐ Good understanding of modern web application architecture, HTTP, TCP/IP, and standard network and system security technologies.
‐ Familiar with software development tools, such as version control system, integrated development environment (IDE), and CI/CD tools.

優遇されるスキル・経験

‐ Foundation in, and in-depth technical knowledge of, security engineering, computer and network security, operating system security, mobile security, authentication, security protocols and applied cryptography
‐ Have strong experience in securing PHP, Go, JavaScript, iOS, and Android applications
‐ Good understanding of development methodologies such as Object-Oriented Programming,Domain Driven Design, and Test Driven Design.
‐ Good understanding of microservices architecture
‐ Knowledge of container and orchestration technology like Docker and Kubernetes
‐ Experience working in a DevOps/Agile environment