Cyber Security Engineer II safeguarding systems at MSK, involved with complex technologies in cancer care security. Lead threat investigations and apply technical knowledge for security improvements.
About the role
- Senior Security Engineer responsible for securing products and infrastructures in crypto and Web3. Collaborating with teams on security posture and compliance in a hybrid working environment.
Responsibilities
- Lead the design and implementation of security controls across AWS, EKS/Kubernetes, CI/CD (Jenkins, GitHub Actions, ArgoCD), and AI/agentic engineering workflows.
- Own threat modelling, risk assessments, and security architecture reviews across infrastructure, applications, and AI-driven systems.
- Drive vulnerability management end-to-end — including code, infrastructure, and AI-generated artifacts — using tools such as NewRelic, Bugsnag, and security scanners.
- Define and enforce secure coding and AI usage standards, including guardrails for LLMs, copilots, and automated workflows.
- Build and operate security monitoring, alerting, and incident response capabilities, including detection and handling of AI/agent-related risks.
- Evaluate and manage security and AI tooling (SAST/DAST, SIEM, EDR, secrets management), ensuring least-privilege access and secure integrations.
- Harden infrastructure and data layers (Terraform, IAM, VPC, Cloudflare, Cassandra, Kafka, Redis), including protections against unauthorized or automated actions.
- Drive compliance (SOC 2, ISO 27001) with a focus on auditability, data protection, and governance of AI systems.
- Act as a security leader — educating teams, shaping best practices, and staying ahead of threats across AI, cloud, and Web3 (smart contracts, key management, bridges).
- Partner with blockchain/product teams to mitigate risks in decentralized systems.
Requirements
- 5–8 years in security engineering across application, cloud, and infrastructure security.
- Strong understanding of crypto/Web3 security (smart contracts, wallet/key management, blockchain attack vectors).
- Deep hands-on experience securing AWS (IAM, VPC, EKS, S3, EC2) and Kubernetes environments.
- Proficiency in AppSec (OWASP Top 10, secure SDLC, code reviews) and common security tooling (SAST/DAST, SIEM, secrets management).
- Solid foundation in network security, cryptography, and auth protocols (OAuth, SAML, MFA).
- Experience with incident response, threat modelling, and frameworks like MITRE ATT&CK.
- Familiarity with compliance standards (SOC 2, ISO 27001, NIST, GDPR).
- Strong communication skills and ability to operate autonomously.
- Interest in or experience working in APAC/Japan (nice to have).
- Nice to have Certifications (CISSP, OSCP, AWS Security, etc.).
- DevSecOps experience and CI/CD security integration.
- Experience with Cloudflare, service mesh (Istio), or microservices security.
- Background in software engineering (Java, Rust, TypeScript).
- Smart contract auditing or Web3 tooling (Slither, MythX, Certora, on-chain monitoring).
- Experience building or scaling a security function.
- Professional fluency in Japanese.
Benefits
- Opportunities for professional development, certifications, and conference attendance
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Principal Security Engineer working on network security lifecycle and threat management for Verizon’s 4G/5G Cloud Networks. Collaborating with multiple teams to enhance cybersecurity posture.
Cybersecurity Engineer at Verizon responsible for security lifecycle and effectiveness across networks. Leading incident response and vulnerability management in a hybrid work role.
Director of Security and Compliance safeguarding digital assets and data with a focus on cybersecurity and compliance. Leading risk management, stakeholder engagement, and team leadership initiatives.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross - functional teams to monitor threats and implement security measures.