Senior Application Security Engineer

KOMOJU Musashino-Shi, Tokyo April 30 2026
  • 💴 No salary range given
  • 🏡
    Fully remote
    From Japan
  • 🌏
    Apply from abroad
    Relocate to Japan
  • 💬
    No Japanese required
    Business English
  • 🧪
    Senior level
    3+ years experience required
DO YOU NEED MORE INFO?
ASK A QUESTION

About KOMOJU

KOMOJU Musashino-Shi, Tokyo

The leading cross-border payment gateway for Japan. We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok.

Key benefits

  • Developer-centric, inclusive culture
  • International at our core
  • Generous holiday policy
Read more

About the position

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Tech Stack:

  • Languages: JavaScript, Ruby, Python, Rust
  • Frameworks: Ruby on Rails, Vue
  • Databases: PostgreSQL, MySQL
  • DevOps: Docker, AWS
  • Version Control: GitHub
  • Monitoring and Logging: DataDog

Responsibilities

  1. Build the Application Security Program
    • Develop policies, procedures, and standards to safeguard our applications.
    • Conduct risk assessments and implement controls to mitigate security threats.
    • Help manage external pentesting required to meet regulatory compliance.
  2. Integrate Security into the SDLC
    • Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
    • Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
    • Guide development teams in integrating security best practices.
    • Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
  3. Foster a Secure Code Culture
    • Promote application-security awareness and best practices across all teams.
    • Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
    • Provide training and resources to development teams to ensure secure coding practices.

*We’re hiring for multiple openings across different seniority levels. The final title and scope of responsibilities will be determined based on your experience and performance throughout the interview process.

Requirements

  • Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
  • Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
  • Strong understanding of security principles and practices.
  • Previous experience as a developer is highly desirable.
  • Familiarity with application security assessment tools.
  • Experience with end-to-end vulnerability management (e.g., SAST and DAST).
  • Technical knowledge to understand vulnerability risk and remediation steps.
  • DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).
  • Familiar with security hardening standards and implementation.

Nice to haves

While not specifically required, tell us if you have any of the following.

  • Working proficiency in Japanese is helpful but not necessary.
  • Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
  • Experience with building custom security tooling is a plus.
  • Cyber Security related certifications.

Hiring Process

  1. 1

    Initial screening call with HR

    To understand candidates’ overall professional background, career aspirations, and to evaluate the fit for the role/ culture.

  2. 2

    Take-home exercise

    It’s opportunity to evaluate candidates’ practical experience and observe that they follow best practices.This includes, but is not limited to, their coding skills, problem-solving abilities, system design capabilities and ability to optimize and maintain code. We normally give the applicant one week to complete it, but we don’t expect it to take more than 2 hours.

  3. 3

    Technical team interview

    This interview serves two purposes: it’s a chance to review the take-home exercise and assess the candidate’s technical abilities, and it also helps evaluate their soft skills, how well they collaborate with stakeholders and team members, manage their work (time management, prioritization, adaptability), and demonstrate a commitment to continuous learning.

  4. 4

    Final interview with leadership

    We’re looking here to assess culture add. We’re not looking for people that just fit the status quo (culture fit), we want candidates who can bring something new and valuable to our culture. While ensuring that they still align with our core values, we want to assess their ability to adapt to recent changes within the organization and to help guide the organization through its next stage of development.

DO YOU NEED MORE INFO?
ASK A QUESTION

Meet KOMOJU's Developers

Photo of Kazunori Kajihiro

Kazunori initially joined KOMOJU as a web application engineer, but by identifying problems he wanted to fix, his role shifted first to VP of Infrastructure, and then VP of Payment Products.

Read their story...
Photo of Nicole Wong

Nicole joined KOMOJU in 2020, and worked her way up to be technical lead of the merchant management team. She shares her journey, how KOMOJU supported her career growth and how the company is adapting to its growing needs.

Read their story...
Photo of Richard Ramsden

Becoming CTO of KOMOJU

with Richard Ramsden

After graduating from university, Richard came to Japan and found a job as a software developer. Eventually he joined KOMOJU, where he rose to the role of CTO.

Read their story...
Photo of Nigel Baillie

Nigel was fresh out of college when he joined KOMOJU as a developer. He's now risen to tech lead, where he's helped build out their payment platform while maintaining a healthy work-life balance.

Read their story...
Photo of Muhammad Denaw

Muhammad Denaw, Senior Site Reliability Engineer at Komoju, talks about his work and shares how Komoju's trust and support propelled him to a promotion.

Read their story...
Photo of Makoto Mizukami

Head of Customer Engineering Makoto Mizukami describes the unconventional candidates his unique team is looking for.

Read their story...

Related jobs

More jobs like this

We'll send you a digest of new English-friendly software developer jobs in Japan. Your email stays private, we don't share or sell it.