Job number: Job-00266262 Posted: 2024-03-29

Senior Risk Reduction Engineer

Own products / International team
8.0E-6 - 12 million yen Tokyo Information Technology Developer Operations

Job details

Company overview
Our client is expert in various digital fields.
The Risk Reduction Engineering team in tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects.These defects are shepherded to their solutions with guidance from RRE. Main responsibilities:
  • Help define and support secure continuous delivery approaches including tools and automated processes
  • Help define and support secure continuous delivery approaches including tools and automated processes
  • Help define security requirements within the cloud environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics
  • Assist with application security testing and code reviews
  • Perform security reviews, identifying gaps in secure architecture and design
  • Co-create security policies and standards
  • Review and design application security controls
  • Research information security standards for adoption
  • Develop secure coding policies, procedures and standards
  • Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
Minimum requirements:
  • 7+ years of experience in security related fields, such as Secure
  • Engineering/Consulting, Security Operations Center Administration, DevOps.
  • 2+ years of experience in leading security related teams/projects
  • Strong vulnerability pen testing skills; OSCP, CEH a plus.
  • Knowledge of Agile methodology
  • Vulnerability management skills
  • Solid understanding of public cloud (Azure, AWS, GCS, etc)
  • Practical application of secure engineering principles
  • Practical experience with SAST and DAST tools and workflows
  • Working knowledge of vulnerability/compliance, patch management, anti-malware,APT, identity and access control management toolsets
  • Experience with third party tools (e.g. Splunk, Elastisearch etc) to
  • analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
  • Threat modeling
  • English: Business level or above

Preferred qualifications:
  • Experience integrating automated security tools into CI/CD pipeline
  • Proven working experience within software development industry
  • Excellent interpersonal and communication skills
  • Proven working experience in conducting DevSecOps in an agile work environment
  • Hands-on development experience with at least *one* of the following
    • programming languages: o Python, Typescript, Java, Scala, Go
  • Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
  • Knowledge of continuous delivery and Application Lifecycle Management tools(Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)
  • Japanese: N2 and up Japanese skills desirable
8.0E-6 - 12 million yen
Roland Bolinth
BRS Consultant
Roland Bolinth
Email me directly

Recommended jobs