Senior Application Security Engineer

Формат работы

remote/onsite

Тип работы

fulltime

Грейд

senior

Английский

Вакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:

TL;DR

Senior Application Security Engineer: Building a robust application security program from the ground up and managing bug bounty programs with an accent on mitigating security vulnerabilities in applications. Focus on integrating security into the SDLC, conducting code reviews, and fostering a secure code culture.

Location: At hirify.global, we embrace remote work while also offering office space for those who prefer in-person collaboration

Company

hirify.global is the leading cross-border payment gateway for Japan, powering payments for companies like Steam and TikTok.

What you will do

Develop policies, procedures, and standards to safeguard our applications.
Conduct risk assessments and implement controls to mitigate security threats.
Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
Guide development teams in integrating security best practices.
Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
Conduct code reviews and provide guidance on secure coding practices and secure software architecture.

Requirements

Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
Strong understanding of security principles and practices.
Previous experience as a developer is highly desirable.
Familiarity with application security assessment tools.
DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).

Nice to have

Working proficiency in Japanese is helpful but not necessary.
Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
Experience with building custom security tooling is a plus.
Cyber Security related certifications.

Culture & Benefits

At hirify.global, we embrace remote work while also offering office space for those who prefer in-person collaboration
10 days regular vacation, additional 5 days summer and 5 days winter vacation
Paid birthday holiday
Budget for self-learning allowance, to ensure our employees’ skills remain current
Language training for Japanese

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →