Career opportunity Product Security Engineer
Product Security Engineer
- Locations
- Tokyo
- Salary
- ¥8,500,000〜¥12,000,000 (Annual)
- Recruitment industry
- Data Engineer, DevOps Engineer, System Engineer, Infrastructure Engineer
- Employment status
- Full time employee
Job description
We are planning to assign the successful candidate to the Enabling Group Product Security Team, a team dedicated to enhancing the security level of our products. The team takes ownership of product security, aiming to drive business growth by balancing proactive and defensive security measures.
Currently, the team consists of three engineers. Actual implementation tasks are conducted in collaboration with various product teams, the Corporate IT team, and the Legal team. Moving forward, we plan to expand the team and aim for a structure of about five members within a year.
Below are examples of responsibilities, though the scope is not limited to these. The specific tasks will be determined after considering the candidate's skills, expertise, and experience upon joining.
Example Responsibilities:
- Defining various security requirements.
- Supporting the development, operation, and implementation of security measures for products.
- Planning and organizing frameworks to enable effective incident response.
- Conducting security checks and supporting improvements (including outsourcing management).
- Advancing DevSecOps practices.
- Auditing infrastructure security settings and policies.
Development Environment:
- Frontend:TypeScript,React,Next.js
- Backend: Rust (axum),TypeScript,Node.js(Express, Fastify, NestJS)
- Machine Learning・Algorithm:Rust,Python,OpenCV,PyTorch,TorchServe,Elasticsearch,Vertex AI
- Infrastructure: Google Cloud, Google Kubernetes Engine, Anthos Service Mesh, Istio, Cloudflare, Argo Workflows
- Event Bus: Cloud Pub/Sub
- DevOps: GitHub, GitHub Actions, ArgoCD, Kustomize, Helm, Terraform, Datadog, MixPanel, Sentry
- Data: CloudSQL(PostgreSQL), AlloyDB, BigQuery, dbt,trocco
- API: GraphQL, REST, gRPC
- Authentication: Auth0
- Other tools: GitHub Copilot, Figma, Storybook
- Communication: Slack, Discord, IRA, Miro, Confluence
Requirement
Required Qualifications:
- Practical experience in product security.
- Basic knowledge of web application security.
- Basic knowledge of OS and container technologies.
- Basic knowledge of public cloud services.
- Fluent business communication skills in Japanese.
- Ability to handle daily tasks entirely in Japanese, including text communication and meetings.
- Example: Equivalent to JLPT N2 or approximately three years of work experience in a Japanese environment.
Preferred Qualifications:
*Note: It is not necessary for one individual to be proficient in all areas below. We aim to build a team where members have strengths in specific domains, such as forensics, infrastructure, or platforms, to create synergy.
We will confirm these points during the interview, so we encourage you to share your past experiences and the areas you wish to explore further in the future.*
- Practical experience in a security team.
- Ops or DevSecOps design and operational experience.
- Experience in security responses and assessments.
- Activities related to collecting and evaluating network and asset information.
- Vulnerability assessment experience for web applications.
- Experience with network (platform) security diagnostics.
- Experience in security diagnostics and countermeasures for container technologies such as Kubernetes.
- Experience in security diagnostics and countermeasures for systems using Google Cloud.
- Experience managing vulnerabilities and operations using SCA (Software Composition Analysis) or SBOM (Software Bill of Materials).
- Experience in penetration testing or targeted attack resistance assessments.
- Incident response, product security activities, and real-time analysis/monitoring experience.
- Experience in security incident response.
- CSIRT or PSIRT experience.
- Digital forensics experience (fast forensics, full forensics).
- Network forensics experience.
- Development and operation of security response systems.
- Experience in deploying and operating IPS, IDS, WAF, etc.
- Security measures in on-premises environments.
- SIEM deployment and operational experience.
- Experience building and operating systems handling logs, net flows, and packet capture data outside SIEM systems.
- Academic knowledge in computer science.
- Knowledge and practical experience with low-level layers such as OS and networking.
- Activities related to education, awareness, and information dissemination.
- Experience in security education and awareness activities.
- Activities as a security advisor.
- Activities in securing security talent and creating career paths.
- Collection, analysis, and evaluation of threat intelligence.
- Experience analyzing and evaluating internal threats.
- Experience collecting, analyzing, and evaluating external threats.
- Practical development experience for actual services.
- Experience proposing and implementing security measures based on business strategies.
- Development and operational experience in web services.
- Development experience in languages such as C(++), Rust, TypeScript, Python, or Go.
- Business-level English proficiency.
.
Benefits
Salary:
- The expected annual salary upon joining the company ranges from 8.5 million yen to 12 million yen.
- Salary increase twice a year.
- The annual salary will be divided by 12 and paid as a fixed monthly salary.
- Stock option system available.
- Other benefits:
Allowances:
- Transportation expenses reimbursed at actual cost:
- Up to 30,000 yen per month, paid according to the number of days worked in the office.
- For employees living far away, up to 60,000 yen per month.
- Child allowance: 15,000 yen per month for each dependent child under 18 years old.
Employee Interaction Support:
- Support for team activity expenses (1,500 yen per person).
- Teaming Offsite cost subsidy (5,000 yen per person, up to once per quarter).
- Meal allowance for internal team interactions (2,000 yen per person, up to once per month).
- Meal allowance for cross-team interactions (3,000 yen per person, up to once per month).
Growth Support:
- Server cost subsidy (up to 10,000 yen per month, for engineers).
- Book purchase support.
- External training cost subsidy.
Life Event and Family Support:
- Childcare and caregiving leave (available after 3 months of employment).
- Wedding gift (50,000 yen), birth gift (100,000 yen).
- Moving allowance.
Others:
- Full social insurance (employment, workers' compensation, health, pension).
- PC provided.
- Full reimbursement for health checks, gynecological exams, and partial subsidy for comprehensive medical exams.
Primarily remote:
- However, to encourage interaction among team members, we recommend a weekly office attendance day and hold offsite meetings once or twice a quarter.
- Details may vary by team, so please feel free to ask questions during interviews or meetings.
- We have several members based outside of the metropolitan area, including Chubu, Kansai, and Kyushu. If you prefer to work in the office, you are welcome to use the office at any time.
Work time
Flexible working hours system (Core hours from 11:00 to 16:00).
Location
Tokyo
Other jobs
- All
- Tokyo
Chat with us!