|This posting is managed by:||Fidel Consulting KK|
|Company Name||Company is not publicly visible|
IT (Hardware/Network) - Security System SE
IT (PC, Web, Unix) - Programmer
IT (PC, Web, Unix) - Web Application SE
|Industry||Internet Services/ISP (Internet Service Provider)|
• Assessing the security of our platform using standard and custom tools.
• Reducing vulnerabilities based on risk to our business, leveraging automation.
• Partnering with engineering teams and to pragmatically reduce risk leveraging our risk management standards.
• Contribute to architectural design and decisions.
• Training peers in secure development practices.
• Participate in Threat Modeling assessments and training using a standard threat modeling framework.
• Drive security improvements throughout engineering teams using vulnerability metrics. (e.g. CVE, CVSS)
• Help engineering teams identify, quantify, and ﬁx potential security ﬂaws based on real-world threats.
• Quickly setup proof of concept code and/or environments that demonstrate why a control is required to mitigate risk.
• Ensure compliance to PCI-DSS as well as other common security frameworks.
• A pragmatic approach to solving security issues that ensure the best consumer experience.
The Company offers instant, monthly-consolidated credit to consumers by removing hassles from payment and purchase experiences. Uses proprietary models and machine learning to underwrite transactions in seconds and guarantee payments to merchants. The Company increases revenue for merchants by reducing the number of incomplete transactions, increasing conversion rates, boosting average order values, and facilitating repeat purchases from consumers.
This organization continues to innovate to make shopping easier and more fun both online and offline.
• Passion and a sense of ownership.
• Effective communicator that can build strong relationships and engage audiences.
• Experience with the end-to-end vulnerability management lifecycle. (e.g.SAST and DAST)
• Experience with one or more security assessment tools. (e.g. Fortify, Veracode, CheckMarx, AppScan, etc.)
• Technical knowledge to understand vulnerability risk and remediation steps.
• DevSecOps experience, building security controls into CI/CD pipelines. (GitHub, CircleCI, Jenkins, etc.)
• Familiar with security hardening standards and implementation.
• Experience in container scanning. (both image and runtime)
• Exposure to Android and iOS development.
• Extensive experience with AWS cloud security.
• Working proﬁciency in English. Japanese ability is helpful but not necessary.
|English Level||Minimum Communication Level (TOEIC 225-470)|
|Japanese Level||Minimum Communication Level|
|Salary||JPY - Japanese Yen JPY 7000K - JPY 9000K|