Senior Risk Reduction Engineer

---

Job details

Company overview

We integrate cutting-edge digital technologies with specialized expertise to create common platforms and solutions. Our team includes experts in advanced technologies such as cloud, AI, blockchain, and IoT, as well as specialists in various digital domains such as data science, data visualization, cloud architecture, and system security, gathered from both domestic and international sources. We advance the secure management of vast and complex data, develop and operate platforms using agile and DevOps methodologies, analyze data to inform strategic decisions, and visualize data for easy understanding. By combining the latest digital technologies with our accumulated expertise, we collaborate globally to innovate common platforms and solutions.

Responsibilities

The Risk Reduction Engineering team in tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects.These defects are shepherded to their solutions with guidance from RRE. Main responsibilities:

• Help define and support secure continuous delivery approaches including tools and automated processes
• Help define and support secure continuous delivery approaches including tools and automated processes
• Help define security requirements within the cloud environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics
• Assist with application security testing and code reviews
• Perform security reviews, identifying gaps in secure architecture and design
• Co-create security policies and standards
• Review and design application security controls
• Research information security standards for adoption
• Develop secure coding policies, procedures and standards
• Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

Requirements

Minimum requirements:

• 7+ years of experience in security related fields, such as Secure
• Engineering/Consulting, Security Operations Center Administration, DevOps.
• 2+ years of experience in leading security related teams/projects
• Strong vulnerability pen testing skills; OSCP, CEH a plus.
• Knowledge of Agile methodology
• Vulnerability management skills
• Solid understanding of public cloud (Azure, AWS, GCS, etc)
• Practical application of secure engineering principles
• Practical experience with SAST and DAST tools and workflows
• Working knowledge of vulnerability/compliance, patch management, anti-malware,APT, identity and access control management toolsets
• Experience with third party tools (e.g. Splunk, Elastisearch etc) to
• analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
• Threat modeling
• English: Business level or above

Preferred qualifications:

• Experience integrating automated security tools into CI/CD pipeline
• Proven working experience within software development industry
• Excellent interpersonal and communication skills
• Proven working experience in conducting DevSecOps in an agile work environment
• Hands-on development experience with at least *one* of the following
  • programming languages: o Python, Typescript, Java, Scala, Go
• Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
• Knowledge of continuous delivery and Application Lifecycle Management tools(Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)
• Japanese: N2 and up Japanese skills desirable

Salary

8.0E-6 - 12 million yen

Location

Tokyo