Senior Security Engineer

Tokyo
Remote OK - Anywhere in Japan
Full-time
January 19, 2024

About the position

We are a payment processor that handles very sensitive data for both our merchants and their customers. As we grow we need to make sure that our security is excellent and that our customer’s data is secure.
We are seeking a skilled and motivated security engineer to lead and start the Degica’s cybersecurity team. We are looking for a security specialist who can inform us how we can improve our product’s security and what processes we need in-house to do that.

You will be reporting directly to our CTO and will be responsible for the company’s security information and event management (SIEM) platform. Your job will be to help grow and shape our security efforts and practices. This will include improving our development process to be secure by design, to educate the team on best practices, and help to set up automated monitoring for abnormal or unexpected behavior. You will be playing a critical role in maintaining the security and integrity of Degica’s data.

We write primarily in Ruby and deploy to AWS, so understanding how to implement security in these environments will be vital. Knowing Ruby is not a requirement for this role as the company is happy to invest time and resources for you to come up to speed.
In the short-term, you will learn about our product by studying our organizations assets and setup proactive security monitoring around them to prevent attacks. Additionally, you will work with our Bug Bounty vendor YesWeHack (Bi-weekly) to grow and improve our external Bug bounty program.

Responsibilities

Create dashboards and alerts to monitor the security posture of the platform.
Monitor security events to identify potential threats and vulnerabilities.
Maintain a security information event management platform (SIEM) to collect and analyze security events.
Work closely with the Engineering team to define processes and practices to improve application and infrastructure security.
Lead the investigation and analysis of security incidents to determine the root cause and impact.
Prepare incident response protocols for containment, elimination, and recovery activities.
Perform regular assessments of the effectiveness of security tools and recommend improvements or enhancements as needed.
Lead the penetration testing and bug bounty programs to ensure the system is secure from external attacks.

Requirements

Experience in implementing and managing SIEMs.
Knowledge of cybersecurity best practices, industry standards, and compliance requirements.
Familiarity with IDS and IPS tools and services.
Solid understanding of OWASP web vulnerabilities and remediations.
Strong understanding and experience in AWS cloud platform.
Knowledge on authentication and authorization technologies and services.
Experience in security configuration on Linux servers.
Knowledge of PCI DSS standards.

Nice to haves

These aren't required, but be sure to mention them in your application if you have them.

Relevant certifications such as CISSP, CISM or GCIH
Experience building and working on large-scale software products
Solid understanding of software development best practices
Understanding of concepts like technical debt and continuous integration
Experience in IaC and coding skills in Python or scripting languages
Knowledge of the Ruby programming language
Able to speak Japanese

Compensation

10,000,000 - 14,000,000 yen / year

Includes (rough estimate of) profit share. Based on experience and skill level

APPLY NOW ➜

About KOMOJU

KOMOJU (by Degica) is the leading cross-border payment gateway for Japan.

We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok.

Today we help thousands of merchants by providing them with the payment infrastructure they need, through developer-friendly API’s to integrations on popular platforms like Shopify and Wix; we help our merchants grow in all markets they are expanding.

When it comes to engineering, we believe in having a flat, inclusive culture and constantly improving by continuing to evaluate ourselves. We also prize individuality and believe that each member brings their own unique value to the team.

Our development processes are always updating as the company grows, and we have an engineering culture that largely organizes itself and each engineer has a lot of ownership in their own projects. This culture allows engineers to showcase their strengths while continuing to grow.

KOMOJU's policies during COVID-19 are as follows:

During COVID-19 all of their members are working from home 100% of the time (previously they allowed up to one day a week).
Their current plan is to continue their full remote policy even after COVID-19 is no longer a concern.
They’re able to accept applications from overseas, but you may need to work abroad until it’s possible to move to Japan.

Japanese Language Policy
With around half of their total members (and around 75% of engineers) coming from outside Japan, KOMOJU generally uses English for written communication (e.g. Slack, Github). Verbal communication is also primarily in English.

However, quite a few people working there can speak both English and Japanese fluently so Japanese may be spoken at times during meetings, especially when they involve teams other than engineering.

Overall, the language spoken depends on the team. The dev team uses mostly English, but their HR team (for example) speaks primarily Japanese.
Visa Sponsorship
KOMOJU sponsors visas for candidates living outside of Japan. They’re still hiring from abroad, but due to travel restrictions related to COVID-19 new employees from abroad may need to start working on a contract basis. KOMOJU will switch you over to a full-time employee contract and sponsor your visa once it’s safe to come to Japan again.

KOMOJU also helps out with relocation (searching for apartments etc.) but they don’t have a formal policy for this. The support offered depends on each individual case. They do always pay for flight tickets to Japan in the case that someone moves from abroad however.
Paid Leave
KOMOJU has a very generous vacation policy.

Like most companies in Japan, their basic PTO package starts with 10 days of normal paid time off during an employee’s first year, followed by increases in subsequent years in accordance with Japanese labor law.

KOMOJU also offers 5 extra vacation days that can be used during the summer months, and another 5 days of year-end holidays.

They also have birthday leave, which means members can get an extra day off each year on their birthday. So that’s a total of 21 vacation days per year in addition to Japanese public holidays. They also offer maternity and paternity leave.
Benefits
💻 New tech gear

👩‍🎓 Skill development support

💛 Support for attending conferences

🧡 Seminar participation support

📕 Book purchases

👶 Parental Leave

👩‍🏫 Language Learning Support

💜 Social security / insurance benefits included

🏥 Healthcare insurance

💚 Pension insurance

🚃 Commuter allowance

👍 Motorized sitting / standing desks when working from our office
Engineer Interview Process
Engineering Jobs

KOMOJU’s interview process skips the high-pressure whiteboard interviews in favor of a coding challenge that’s closer to what engineers would actually work on day-to-day.

Here’s the basic interview flow:
- First interview: Meeting with two KOMOJU engineers to discuss about something you’ve built and see if you’re a good cultural fit
- Second interview: Technical challenge to test your real-world development skills
- Third interview: Meeting with a senior leader in the company
Remote Work
KOMOJU allows full remote work from anywhere in the world! The only stipulation is that your work hours must have some overlap with the JST time zone.

Even once COVID-19 is no longer a concern, KOMOJU intends to continue their full remote policy.

And if you do relocate to Japan, there's no need to live near their Tokyo office — you can work from anywhere in Japan.
Work style
KOMOJU has an office in the Kichijoji area of Tokyo, but they’ve switched to working fully remotely due to COVID-19. A typical work day at KOMOJU begins at around 10:00AM for most people. Some teams begin with a stand-up meeting where they quickly share their tasks for the day before focusing on work for the rest of the day.

One unique aspect of KOMOJU’s work style is their code review process. Since they have a flat hierarchy and a relatively small team, they have a system where reviewers are selected randomly. Their engineers also take care of operations and handle errors or technical customer queries as a team via Slack.

A typical stopping time for engineers at KOMOJU is at around 7:00PM, and they have very little overtime so engineers normally won’t be online past this time. They also make it a point to avoid unnecessary meetings and prefer to have ad-hoc discussions with relevant members only.
Twitter

KOMOJU

KOMOJUGames