Senior Application Security Engineer

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Responsibilities

• Build the Application Security Program
  • Develop policies, procedures, and standards to safeguard our applications.
  • Conduct risk assessments and implement controls to mitigate security threats.
  • Help manage external pentesting required to meet regulatory compliance.
• Integrate Security into the SDLC
  • Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
  • Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
  • Guide development teams in integrating security best practices.
  • Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
• Foster a Secure Code Culture
  • Promote application-security awareness and best practices across all teams.
  • Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
  • Provide training and resources to development teams to ensure secure coding practices.

Requirements

• Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
• Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
• Strong understanding of security principles and practices.
• Previous experience as a developer is highly desirable.
• Familiarity with application security assessment tools.
• Experience with end-to-end vulnerability management (e.g., SAST and DAST).
• Technical knowledge to understand vulnerability risk and remediation steps.
• DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).
• Familiar with security hardening standards and implementation.

Nice to haves

While not specifically required, tell us if you have any of the following.

• Working proficiency in Japanese is helpful but not necessary.
• Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
• Experience with building custom security tooling is a plus.
• Cyber Security related certifications.