
<Full remote/ Building up AppSec program from scratch> Senior AppSec Engineer

Annual salary: 8 million to 14 million yen

Headhunter listing

Department / job title: <Full remote/ Building up AppSec program from scratch> Senior AppSec Engineer
Job category
Industry
Work location
Job description

About this Position

We are seeking an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will be instrumental in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.


Responsibilities

1. Build the Application Security Program
* Develop policies, procedures, and standards to safeguard our applications.
* Conduct risk assessments and implement controls to mitigate security threats.
* Help manage external pentesting required to meet regulatory compliance.

2. Integrate Security into the SDLC
* Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
* Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
* Guide development teams in integrating security best practices.
* Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.

3. Foster a Secure Code Culture
* Promote application-security awareness and best practices across all teams.
* Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
* Provide training and resources to development teams to ensure secure coding practices.


Tech Stack:

Languages: JavaScript, Ruby, Python, Rust
Frameworks: Ruby on Rails, Vue
Databases: PostgreSQL, MySQL
DevOps: Docker, AWS
Version Control: GitHub
Monitoring and Logging: DataDog
Application requirements

[Required (MUST)]

* Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
* Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks).
* Strong understanding of security principles and practices.
* Previous experience as a developer is highly desirable.
* Familiarity with application security assessment tools.
* Experience with end-to-end vulnerability management (e.g., SAST and DAST).
* Technical knowledge to understand vulnerability risk and remediation steps.
* DevSecOps experience, building security controls into CI/CD pipelines (GitHub Actions, CircleCI, GitLab CI/CD).
* Familiar with security hardening standards and implementation.

[Preferred (WANT)]

* Working proficiency in Japanese is helpful but not necessary.
* Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
* Experience with building custom security tooling is a plus.
* Cyber Security related certifications.

Benefits

* Embrace remote work while also offering office space for those who prefer in-person collaboration.
* 10 days regular vacation, additional 5 days summer and 5 days winter vacation.
* Paid birthday holiday.
* Budget for self-learning allowance to ensure our employees’ skills remain current.
* Language training for Japanese.
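Remote work

Even when "Allowed" is shown, conditions vary by listing, such as "work from home only" or "for a limited period only".
Passive smoking measures

Other

"Other" applies in cases such as "the workplace is outdoors", "measures differ depending on the workplace", or "the measures will be communicated by the time of hiring". Please confirm the details at the interview.
Last updated: 2025/05/14
Job number: 4676719

Hiring company information

Recruiter handling this listing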
