A famous Internet services company is hiring a security engineer to join their Security team in Tokyo. One of their team’s goals is to have development teams engaged with the security team as early as possible in the software development life cycle.
As a security engineer, you will perform threat modeling, code reviews, and security testing to minimize risks and ensure compliance. You will also collaborate with engineers from a variety of teams to architect and deliver projects securely. If necessary, you are even allowed to send a pull request to fix the bug as an example for developers. In addition, in this role, you will have an opportunity to improve Continuous Integration process for security, build automated test suites, integrate static analysis testing, creating tools to automate security tasks.
‐ Review designs to define necessary security requirements based on threat models and attack trees.
‐ Review proposed architecture, such as infrastructure or information flows, and proposes a set of security controls in order to minimize risk.
‐ Review source code to find security bugs and coding errors.
‐ Conduct vulnerability assessments and penetration testing on the company's Web, API, iOS and Android Applications.
‐ Automate security checks and tests so that they can be easily and transparently plugged into the current CI/CD pipelines.
‐ Develop technical solutions to help mitigate security vulnerabilities.
‐ Maintain technical & security standards for web application and mobile application technologies.
‐ Educate developers on secure coding practices with workshops, talks, and lessons.
‐ Evaluate and investigate suspected security events/incidents and perform remediation in accordance with Incident Response plan/procedures.
‐ Collaborate with information security officers, legal team, and internal auditors on technical security matters.
【会社概要 | Company Details】
Our client is a fast growing C to C E-commerce company. Their selling application has become one of the largest marketplace in Japan.
【就業時間 | Working Hours】
10:00 - 19:00（Mon - Fri）; Flextime
【休日休暇 | Holidays】
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
【待遇・福利厚生 | Services / Benefits】
Social insurance, Transportation Fee
‐ Experience analyzing the security of systems (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.).
‐ Good understanding of modern web application architecture, HTTP, TCP/IP, and standard network and system security technologies.
‐ Familiar with software development tools, such as version control system, integrated development environment (IDE), and CI/CD tools.
‐ Foundation in, and in-depth technical knowledge of, security engineering, computer and network security, operating system security, mobile security, authentication, security protocols and applied cryptography
‐ Good understanding of development methodologies such as Object-Oriented Programming,Domain Driven Design, and Test Driven Design.
‐ Good understanding of microservices architecture
‐ Knowledge of container and orchestration technology like Docker and Kubernetes
‐ Experience working in a DevOps/Agile environment