Senior Security Engineer

KOMOJU Musashino-Shi, Tokyo
    💴 ¥10M ~ ¥14M annually
    🏡 Fully remote
    🧪 Minimum years of experience unspecified
    💬 No Japanese required
    🌏 Apply from abroad
    🧳 Relocate to Japan
DO YOU NEED MORE INFO?
ASK A QUESTION

About KOMOJU

KOMOJU Musashino-Shi, Tokyo

The leading cross-border payment gateway for Japan. We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok.

Key benefits

  • Developer-centric, inclusive culture
  • International at our core
  • Generous holiday policy

About the position

We are a payment processor that handles very sensitive data for both our merchants and their customers. As we grow we need to make sure that our security is excellent and that our customer’s data is secure.

We are seeking a skilled and motivated security engineer to lead and start the KOMOJU cybersecurity team. We are looking for a security specialist who can inform us how we can improve our product’s security and what processes we need in-house to do that.

You will be reporting directly to our CTO and will be responsible for the company’s security information and event management (SIEM) platform. Your job will be to help grow and shape our security efforts and practices. This will include improving our development process to be secure by design, to educate the team on best practices, and help to set up automated monitoring for abnormal or unexpected behavior. You will be playing a critical role in maintaining the security and integrity of KOMOJU’s data.

We write primarily in Ruby and deploy to AWS, so understanding how to implement security in these environments will be vital. Knowing Ruby is not a requirement for this role as the company is happy to invest time and resources for you to come up to speed.

In the short-term, you will learn about our product by studying our organizations assets and setup proactive security monitoring around them to prevent attacks. Additionally, you will work with our Bug Bounty vendor YesWeHack (Bi-weekly) to grow and improve our external Bug bounty program.

Responsibilities

  • Create dashboards and alerts to monitor the security posture of the platform.
  • Monitor security events to identify potential threats and vulnerabilities.
  • Maintain a security information event management platform (SIEM) to collect and analyze security events.
  • Work closely with the Engineering team to define processes and practices to improve application and infrastructure security.
  • Lead the investigation and analysis of security incidents to determine the root cause and impact.
  • Prepare incident response protocols for containment, elimination, and recovery activities.
  • Perform regular assessments of the effectiveness of security tools and recommend improvements or enhancements as needed.
  • Lead the penetration testing and bug bounty programs to ensure the system is secure from external attacks.

Requirements

  • Experience in implementing and managing SIEMs.
  • Knowledge of cybersecurity best practices, industry standards, and compliance requirements.
  • Familiarity with IDS and IPS tools and services.
  • Solid understanding of OWASP web vulnerabilities and remediations.
  • Strong understanding and experience in AWS cloud platform.
  • Knowledge on authentication and authorization technologies and services.
  • Experience in security configuration on Linux servers.
  • Knowledge of PCI DSS standards.

Nice to haves

While not specifically required, tell us if you have any of the following.

  • Relevant certifications such as CISSP, CISM or GCIH
  • Experience building and working on large-scale software products
  • Solid understanding of software development best practices
  • Understanding of concepts like technical debt and continuous integration
  • Experience in IaC and coding skills in Python or scripting languages
  • Knowledge of the Ruby programming language
  • Able to speak Japanese

Compensation

10 to 14 million JPY annually.

Includes (rough estimate of) profit share. Based on experience and skill level.

Hiring Process

  1. 1

    Initial Screening

    If you pass the resume screening stage, you’ll be invited for an initial interview with the recruitment team. We’ll answer any questions you have about the rest of the hiring process there.

DO YOU NEED MORE INFO?
ASK A QUESTION

Meet KOMOJU's Developers

Nigel was fresh out of college when he joined KOMOJU as a developer. He's now risen to tech lead, where he's helped build out their payment platform while maintaining a healthy work-life balance.

Read his story...

Nicole joined KOMOJU in 2020, and worked her way up to be technical lead of the merchant management team. She shares her journey, how KOMOJU supported her career growth and how the company is adapting to its growing needs.

Read her story...

Other Jobs at KOMOJU

Related jobs

More jobs like this

I'll send you a digest of new English-friendly software developer jobs in Japan. Your email stays private, I don’t share or sell it.