東京

Senior Application Security Engineer

Tokyo
Remote OK - Anywhere in Japan
Full-time
September 24, 2025

About KOMOJU

KOMOJU (by Degica) is the leading cross-border payment gateway for Japan. We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok. Today we help thousands of merchants by providing them with the payment infrastructure they need through developer-friendly API’s to integrations on popular platforms like Shopify and Wix; we help our merchants grow in all markets they are expanding. Degica fosters a flat, inclusive culture with a focus on project ownership, continuous improvement, and remote work flexibility.

About this position

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Why join Degica?

Be part of an innovative and forward-thinking company in the payment space
Work in a collaborative and inclusive environment.
Opportunity to shape the security landscape of the organization.
Competitive salary and benefits package.

If you are passionate about application security and have the skills and experience we are looking for, we encourage you to apply and help us secure our digital future.

Responsibilities

Build the Application Security Program

Develop policies, procedures, and standards to safeguard our applications.
Conduct risk assessments and implement controls to mitigate security threats.
Help manage external pentesting required to meet regulatory compliance.

Integrate Security into the SDLC

Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
Guide development teams in integrating security best practices.
Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.

Foster a Secure Code Culture

Promote application-security awareness and best practices across all teams.
Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
Provide training and resources to development teams to ensure secure coding practices.

Requirements

Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
Strong understanding of security principles and practices.
Previous experience as a developer is highly desirable.
Familiarity with application security assessment tools.
Experience with end-to-end vulnerability management (e.g., SAST and DAST).
Technical knowledge to understand vulnerability risk and remediation steps.
DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).
Familiar with security hardening standards and implementation.

Nice to have

Working proficiency in Japanese is helpful but not necessary.
Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
Experience with building custom security tooling is a plus.
Cyber Security related certifications.

Tech Stack:

Languages: JavaScript, Ruby, Python, Rust
Frameworks: Ruby on Rails, Vue
Databases: PostgreSQL, MySQL
DevOps: Docker, AWS
Version Control: GitHub
Monitoring and Logging: DataDog

Benefits

At Degica, we embrace remote work while also offering office space for those who prefer in-person collaboration
10 days regular vacation, additional 5 days summer and 5 days winter vacation
Paid birthday holiday
Budget for self-learning allowance, to ensure our employees’ skills remain current
Language training for Japanese

APPLY NOW ➜

About KOMOJU

Global payments made simple

KOMOJU is the leading cross-border payment gateway for Japan. They power payments for companies like the video game distribution platform Steam and the popular mobile app TikTok. Today, they help thousands of merchants by providing the payment infrastructure they need, from developer-friendly APIs to integrations on popular platforms like Shopify and Wix. They help merchants grow in all the markets they are expanding into.

Developer-centric, inclusive culture

Engineers at KOMOJU work in a developer-centric and inclusive culture where engineers have a say in both product and technical decisions. The culture is largely self-organizing, which means engineers have both a stake and ownership in what they work on. Engineers play to their strengths, but are also able to invest in areas where they want to grow within the team. At KOMOJU, engineers are the main drivers behind their growth and position in the company.

International at core

Around half of the team members come from outside Japan. English is the primary language used within the engineering team, and throughout the company many people are bilingual.

As an international company, KOMOJU understands the importance of bilingualism. They offer all employees a choice between optional English and Japanese lessons to help create a culture of diversity and ensure smooth collaboration across teams.

Passionate about technology

Developers at KOMOJU are passionate about their craft. To foster innovation, they have a monthly open hack day where developers can work on whatever they want. It could be trying a new programming language or tool, fixing a long-standing annoyance, or something fun and experimental, like building a game.

Japanese Language Policy
With around half of KOMOJU’s total members (and around 90% of engineers) coming from outside Japan, teams generally use English for written communication(e.g. Slack, Github).

Verbal communication is also primarily in English.

However, quite a few people can speak both English and Japanese fluently, so Japanese may be spoken at times during meetings, especially when they involve teams other than engineering.

Overall, the language spoken depends on the team. The dev team uses mostly English, but the HR team (for example) speaks primarily Japanese.
Visa Sponsorship
KOMOJU sponsors visas for candidates living outside of Japan. KOMOJU also helps out with relocation (searching for apartments etc.) but they don’t have a formal policy for this. The support offered depends on each individual case. They do always pay for flight tickets to Japan in the case that someone moves from abroad.
Paid Leave
KOMOJU offers annual leave starting at 10 days, an extra paid holiday on employees’ birthdays, 5 additional vacation days that can be used during the summer months, and another 5 days of year-end holidays.
Benefits
💻 New tech gear

👩‍🎓 Skill development support

💛 Support for attending conferences

💜 Seminar participation support

📕 Book purchases

🍔 Free lunch

🍹 Free drinks

👶 Parental Leave

👩‍🏫 Language Learning Support (Language courses)

💚 Translation support (EN<>JP)

💟 Complete health and social insurance

🚃 Commuter allowance
Engineer Interview Process
Engineering Roles

KOMOJU aims to keep their hiring process thoughtful and efficient. Typically, it involves 3–4 stages depending on the role:
- Initial Screening
- Take-home Exercise
- Technical Interview (Team Interview)
- Final Interview with Leadership
Throughout the process, the team evaluates technical skills and looks for alignment with team culture and potential for long-term growth.
Work style
KOMOJU operates as a remote-first company while placing a strong emphasis on personal connections and close collaboration. The company maintains an office in the Kichijoji area of Tokyo, which employees are welcome to visit for in-person collaboration and company events, such as weekly lunches provided at no cost.

Team members have the flexibility to work from anywhere within Japan, as well as up to three months per year from abroad. KOMOJU also offers flexible scheduling, allowing employees to set their own hours as long as they are available during the company’s core hours, Monday to Friday from 10:00 to 15:00 JST.