Senior Risk Reduction Engineer
■ Your Role and Responsibilities
The Risk Reduction Engineering team in tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects.
- Help define and support secure continuous delivery approaches including tools and automated processes
- Help define and support secure continuous delivery approaches including tools and automated processes
- Help define security requirements within the cloud environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics
- Assist with application security testing and code reviews
- Perform security reviews, identifying gaps in secure architecture and design
- Co-create security policies and standards
- Review and design application security controls
- Research information security standards for adoption
- Develop secure coding policies, procedures and standards
- Engage with the engineering teams to review and update Software
- Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
■ Work Location
・Tokyo, Japan
■ Experience and Qualifications
- 7+ years of experience in security related fields, such as Secure Engineering/Consulting, Security Operations Center Administration, DevOps.
- 2+ years of experience in leading security related teams/projects
- Strong vulnerability pen testing skills; OSCP, CEH a plus.
- Knowledge of Agile methodology
- Vulnerability management skills
- Solid understanding of public cloud (Azure, AWS, GCS, etc)
- Practical application of secure engineering principles
- Practical experience with SAST and DAST tools and workflows
- Working knowledge of vulnerability/compliance, patch management, anti-malware,APT, identity and access control management toolsets
- Experience with third party tools (e.g. Splunk, Elastisearch etc) to analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
- Threat modeling
■ Additional Preferred Qualifications
- Experience integrating automated security tools into CI/CD pipeline
- Proven working experience within software development industry
- Excellent interpersonal and communication skills
- Proven working experience in conducting DevSecOps in an agile work environment
- Hands-on development experience with at least *one* of the following programming languages:Python, Typescript, Java, Scala, Go
- Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
- Knowledge of continuous delivery and Application Lifecycle Management tools(Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)
Language Skills
- Japanese: N2 Japanese skills desirable
- English: Business level or above