Cyber Security Engineer II safeguarding systems at MSK, involved with complex technologies in cancer care security. Lead threat investigations and apply technical knowledge for security improvements.
About the role
- Security Engineer ensuring Mercari products meet security standards and assisting with security issues in Tokyo. Involved in threat modeling, security testing, and system vulnerabilities.
Responsibilities
- Review product designs to define necessary security requirements based on threat modeling.
- Review proposed architectures and propose a set of security controls in order to minimize risk.
- Review source code to find security problems and potential vulnerabilities.
- Conduct vulnerability assessments and penetration testing on Mercari’s Backend, Web, iOS, and Android applications.
- Automate security checks and tests so that they can be easily and transparently plugged into the CI/CD pipeline.
- Develop technical solutions to help mitigate security vulnerabilities.
- Maintain technical and security standards for Web and mobile application technologies.
- Educate developers on secure coding practices with workshops, talks, and lessons.
- Evaluate and investigate suspected security events or incidents and perform remediation in accordance with Incident Response procedures.
- Collaborate with information security officers, the legal team, and internal auditors on technical security matters.
Requirements
- Bachelor's degree or equivalent practical experience.
- Programming experience with one or more programming languages including but not limited to: Go, PHP, Java, Ruby, Python, Swift, Kotlin, or JavaScript.
- 4+ years of experience analyzing the security of systems (penetration testing, Web application security testing, vulnerability scanning, threat modeling, etc.).
- Good understanding of modern Web application architecture, TLS, HTTP, TCP/IP, and standard network and system security technologies.
- Experience with modern software development tools, such as distributed version control systems (git), dependency management, build systems, and CI/CD pipelines.
- Strong teamwork skills in a diverse environment.
- Effective interpersonal and communication skills.
- In-depth technical knowledge of security engineering, computer and network security, Unix-based operating systems, mobile security, authentication, security protocols, and applied cryptography.
- Strong experience in securing both backend (Go, PHP) and frontend (Web, JavaScript, iOS, Android) applications with the ability to adopt new frameworks and technologies quickly.
- Good understanding of development methodologies such as Object-oriented Programming (OOP), Domain-driven Design (DDD), and Test-driven Development (TDD).
- Good understanding of microservice architecture and related security patterns.
- Good understanding of the inner workings of OAuth2 and OIDC implementations.
- Knowledge of container and orchestration technology like Docker and Kubernetes.
- Experience working with large-scale cloud infrastructure and services (GCP or AWS).
- Experience with securing large-scale cloud infrastructure through analyzing CSPM alerts from tools such as Wiz.
- Experience working in an agile and DevOps-centric environment.
- Japanese: Ideal but not required
- English: Independent (CEFR-B2)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Principal Security Engineer working on network security lifecycle and threat management for Verizon’s 4G/5G Cloud Networks. Collaborating with multiple teams to enhance cybersecurity posture.
Cybersecurity Engineer at Verizon responsible for security lifecycle and effectiveness across networks. Leading incident response and vulnerability management in a hybrid work role.
Director of Security and Compliance safeguarding digital assets and data with a focus on cybersecurity and compliance. Leading risk management, stakeholder engagement, and team leadership initiatives.
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross - functional teams to monitor threats and implement security measures.