Senior Risk Reduction Engineer

---

募集要項

会社概要

同社は、最新デジタル技術と専門的知見を融合させ共通基盤とソリューション創発を行っています。クラウド、AI、ブロックチェーン、IoTの先端技術の専門家だけでなく、データサイエンス、データ可視化、クラウドアーキテクチャ、システムセキュリティなどの各デジタル領域の専門家が国内外から集結しています。膨大で複雑なデータの安全な管理、アジャイルやデブオプスの手法を用いたプラットフォームの開発・運営、そのデータを経営判断に反映するための分析、さらにはそのデータから簡単に理解するための可視化などを進めていきます。最新デジタル技術と、これまで培ってきた専門的知見を融合させ、グローバルと連携しながら、共通基盤とソリューションを創発します。

業務内容

The Risk Reduction Engineering team in tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects.These defects are shepherded to their solutions with guidance from RRE. Main responsibilities:

• Help define and support secure continuous delivery approaches including tools and automated processes
• Help define and support secure continuous delivery approaches including tools and automated processes
• Help define security requirements within the cloud environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics
• Assist with application security testing and code reviews
• Perform security reviews, identifying gaps in secure architecture and design
• Co-create security policies and standards
• Review and design application security controls
• Research information security standards for adoption
• Develop secure coding policies, procedures and standards
• Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

応募条件

Minimum requirements:

• 7+ years of experience in security related fields, such as Secure
• Engineering/Consulting, Security Operations Center Administration, DevOps.
• 2+ years of experience in leading security related teams/projects
• Strong vulnerability pen testing skills; OSCP, CEH a plus.
• Knowledge of Agile methodology
• Vulnerability management skills
• Solid understanding of public cloud (Azure, AWS, GCS, etc)
• Practical application of secure engineering principles
• Practical experience with SAST and DAST tools and workflows
• Working knowledge of vulnerability/compliance, patch management, anti-malware,APT, identity and access control management toolsets
• Experience with third party tools (e.g. Splunk, Elastisearch etc) to
• analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
• Threat modeling
• English: Business level or above

Preferred qualifications:

• Experience integrating automated security tools into CI/CD pipeline
• Proven working experience within software development industry
• Excellent interpersonal and communication skills
• Proven working experience in conducting DevSecOps in an agile work environment
• Hands-on development experience with at least *one* of the following
  • programming languages: o Python, Typescript, Java, Scala, Go
• Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
• Knowledge of continuous delivery and Application Lifecycle Management tools(Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)
• Japanese: N2 and up Japanese skills desirable

給与

0.0008 - 1200 万円

勤務地

東京