At Money Forward, we develop a wide range of popular services, including our automated personal financial management tool “Money Forward ME” and the “Money Forward Cloud” suite for businesses. Our ecosystem is powered by advanced technologies such as “Account Aggregation” and our single sign-on system, “Money Forward ID.”
As our services handle sensitive financial data, we maintain the highest standards of security. The CISO Office works closely with our business units to ensure and enhance the security of our products. This includes the governance and visualization of major cloud platforms like AWS and GCP, as well as the design, implementation, and operation of common security features such as WAF. Additionally, the CISO Office is responsible for strengthening the security of our internal information systems.
To provide a safe and secure experience for even more users, we are looking for a Security Specialist to join our team.
About the CISO Office
Our mission is to “Maximize the value delivered to our customers through security.” We define and create the ideal security state for the entire Money Forward Group.
Preventing service downtime and information leakage is, of course, critical. However, that is only one part of what we value. Excessive security measures can slow down development, potentially reducing or delaying the value we provide to our customers. As security professionals, we constantly ask ourselves how we can maximize customer value and implement the most optimized security solutions to achieve that goal.
Security Principles
We consider the ideal state of security and our organization through three core themes:
- Embedded security in business strategy. Security does not exist in a vacuum. We design security measures in alignment with business strategies, taking into account the current business phase, costs, projected revenue, and potential loss in the event of a risk.
- Advanced balancing between security and experience. The highest level of security is not always the “right” answer. Over-securing can increase costs and compromise user convenience. We must assess risks and always consider the most suitable security measures. Instead of simply avoiding risk, we sometimes choose to take calculated risks to pursue maximum user value. To achieve a sophisticated balance between convenience and security, we actively promote automation and autonomous systems.
- Autonomous and scalable organization of security. As the Money Forward Group grows into a larger development organization, we aim to deliver even greater value. If the CISO Office handles every single security function, we will become a bottleneck and fail to scale. Each development department must be able to build secure services autonomously. The CISO Office focuses on building the frameworks and providing the support necessary to enable this autonomy.
Responsibilities
In this position, you will leverage your knowledge and experience in coding and infrastructure to maintain and enhance the security of Money Forward in collaboration with developers and IT infrastructure teams. As a Product Security Specialist, you will drive the following initiatives alongside other security specialists in the CISO Office:
- Establishment of security guardrails for AWS, Azure, and GCP environments.
- In-house security consulting: Providing technical advice on security and conducting architecture reviews for our developers.
- Vulnerability assessments and penetration testing: Performing or supporting security evaluations.
- Vulnerability intelligence: Collecting and verifying vulnerability information, including OSINT (Open Source Intelligence).
- Security tool development: Developing tools and scripts to automate or enhance security.
- Framework implementation: Implementing and deploying security frameworks such as NIST CSF and CIS Controls.
- DevSecOps implementation: Integrating security into modern development workflows, including K8s, Docker, and CI/CD pipelines.
Requirements
- Foundational understanding of computer science, including networking, operating systems, data structures, and cryptography.
- Experience in software development with at least one programming language, or hands-on experience practicing Security by Design.
- Business-level English communication skills.
- Knowledge or experience in any of the following areas:
  - Vulnerability assessment
  - Penetration testing or Red Teaming operations
  - Forensics, malware analysis, or incident response
  - Cloud security
  - Architecture reviews
  - Building and operating DevSecOps workflows
  - Implementation and operation of security solutions (e.g., WAF, IDS/IPS, SIEM)
Nice to haves
While not specifically required, tell us if you have any of the following.
- Business-level Japanese communication skills.
- Experience participating in CTFs (Capture The Flag).
- Experience in bug hunting or obtaining CVEs (Common Vulnerabilities and Exposures).
- Relevant certifications such as CISSP, CISM, OSCP, GCIH, etc.
- Deep understanding of Authentication and Authorization (e.g., OIDC, OAuth).
- Experience in security-related operations within the Financial or Fintech industry (e.g., knowledge of FISC guidelines).
- Experience in AI development and/or experience in using AI tools to improve development processes.
  - Money Forward recently announced our AI Strategy roadmap which focuses on improving AI-driven operational efficiencies, as well as integrating AI agents into our products to deliver better value to our users.
Compensation
¥8,004,000 ~ ¥17,004,000 annually.