Senior Security Engineer

  • Tokyo
  • Remote OK - Anywhere in Japan
  • Full-time
  • August 26, 2024
Conditions
yen-icon
¥10M ~ ¥14M /yr
location-icon
Apply from Anywhere 👍
visa-icon
Relocation to Japan 👍
(Overseas visa sponsorship supported)
Requirements
language-icon
Language Requirements
Japanese: Not Required 👍
English: Business Level
career-icon
Minimum Experience
Senior or above

About the position

We are a payment processor that handles very sensitive data for both our merchants and their customers. As we grow we need to make sure that our security is excellent and that our customer’s data is secure.
We are seeking a skilled and motivated security engineer to lead and start the Degica’s cybersecurity team. We are looking for a security specialist who can inform us how we can improve our product’s security and what processes we need in-house to do that.

You will be reporting directly to our CTO and will be responsible for the company’s security information and event management (SIEM) platform. Your job will be to help grow and shape our security efforts and practices. This will include improving our development process to be secure by design, to educate the team on best practices, and help to set up automated monitoring for abnormal or unexpected behavior. You will be playing a critical role in maintaining the security and integrity of Degica’s data.

We write primarily in Ruby and deploy to AWS, so understanding how to implement security in these environments will be vital. Knowing Ruby is not a requirement for this role as the company is happy to invest time and resources for you to come up to speed.
In the short-term, you will learn about our product by studying our organizations assets and setup proactive security monitoring around them to prevent attacks. Additionally, you will work with our Bug Bounty vendor YesWeHack (Bi-weekly) to grow and improve our external Bug bounty program.

 

Responsibilities

  • Create dashboards and alerts to monitor the security posture of the platform.
  • Monitor security events to identify potential threats and vulnerabilities.
  • Maintain a security information event management platform (SIEM) to collect and analyze security events.
  • Work closely with the Engineering team to define processes and practices to improve application and infrastructure security.
  • Lead the investigation and analysis of security incidents to determine the root cause and impact.
  • Prepare incident response protocols for containment, elimination, and recovery activities.
  • Perform regular assessments of the effectiveness of security tools and recommend improvements or enhancements as needed.
  • Lead the penetration testing and bug bounty programs to ensure the system is secure from external attacks.

 

Requirements

  • Experience in implementing and managing SIEMs.
  • Knowledge of cybersecurity best practices, industry standards, and compliance requirements.
  • Familiarity with IDS and IPS tools and services.
  • Solid understanding of OWASP web vulnerabilities and remediations.
  • Strong understanding and experience in AWS cloud platform.
  • Knowledge on authentication and authorization technologies and services.
  • Experience in security configuration on Linux servers.
  • Knowledge of PCI DSS standards.

 

Nice to haves

These aren't required, but be sure to mention them in your application if you have them.

  • Relevant certifications such as CISSP, CISM or GCIH
  • Experience building and working on large-scale software products
  • Solid understanding of software development best practices
  • Understanding of concepts like technical debt and continuous integration
  • Experience in IaC and coding skills in Python or scripting languages
  • Knowledge of the Ruby programming language
  • Able to speak Japanese

 

Compensation

10,000,000 - 14,000,000 yen / year

Includes (rough estimate of) profit share. Based on experience and skill level

KOMOJU (by Degica) is the leading cross-border payment gateway for Japan.

We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok.

Today we help thousands of merchants by providing them with the payment infrastructure they need, through developer-friendly API’s to integrations on popular platforms like Shopify and Wix; we help our merchants grow in all markets they are expanding.

When it comes to engineering, we believe in having a flat, inclusive culture and constantly improving by continuing to evaluate ourselves. We also prize individuality and believe that each member brings their own unique value to the team.

Our development processes are always updating as the company grows, and we have an engineering culture that largely organizes itself and each engineer has a lot of ownership in their own projects. This culture allows engineers to showcase their strengths while continuing to grow.

KOMOJU's policies during COVID-19 are as follows:

  • During COVID-19 all of their members are working from home 100% of the time (previously they allowed up to one day a week).
  • Their current plan is to continue their full remote policy even after COVID-19 is no longer a concern.
  • They’re able to accept applications from overseas, but you may need to work abroad until it’s possible to move to Japan.
View KOMOJU's company page

↑ Back to top ↑

Senior Security Engineer at KOMOJU
APPLY NOW  ➜