- Employer Type Recruiter / Dispatch / Temp Agency
- Industry Information Technology
- Salary 8M~14M JPY / Month Bonus
- English Level Basic Level
- Japanese Level Business Level
- Restricted to Domestic Applicants? Japan only
- Visa Sponsorship Yes
API Security Engineer
Department: Security
Location: Tokyo, Japan or WFAA (Work From Anywhere Anytime)
Job Type: Permanent
Japanese level N3
Mid-level 8m-10m, Senior range is 12-14M (yen)
About the Security Team
Although cyber security is everyone’s responsibility, our security team is primarily responsible for solving some of the most challenging and exciting problems to mitigate cyber threats that are common organization-wide and industry-wide. As the digital world moves exponentially, we are constantly aligning our cyber security strategy, especially in today’s dynamic environment. Consequently, Information Security is very important to us, and we excel at implementing the latest cyber resilience and cyber security practices.
Your Duties & Responsibilities
• Understands our business and market before thinking about technology and security solutions.
• Communicates effortlessly with a culturally diverse team across multiple time zones; resolves conflict professionally and pragmatically.
• A self-starter and takes initiative to drive progress while building rapport with internal and external stakeholders.
• Catalogs and inventories internal, external, and 3rd party integrated APIs.
• Configures automated scanning and alert tuning of all external and internal APIs using custom and off-the-shelf security tools.
• Collaborates with internal and external stakeholders to configure testing of internal, external, and 3rd party integrated APIs throughout the full development lifecycle.
• Performs architectural and code reviews for API gateways and identity management solutions.
• Threat models and conducts risk assessments for API gateways and identity management solutions.
• Collaborates with internal and external penetration testing team(s) to validate findings in APIs; provides expert and pragmatic solutions for remediation.
• Assists and provides expert consultation in the procurement process of security vendor tooling (i.e. RFP, NDA, MSA) as well as post-sales issue remediation.
• Works with current and potential merchants on security due diligence reviews and provides expert consultation on minimum security baselines.
• Provides evidence for gap assessments and periodic audits commonly associated with Finance (i.e. SOX 404, PCI-DSS, Cobit, ISO 27001, NIST CSF, etc.)
• Presents at leadership and executive meetings risks discovered in APIs as well as pragmatic solutions to mitigate.
• Proactively schedules and leads meetings with internal and external stakeholders to manage expectations and ensure alignment with overall business strategy.
• Catalogs and inventories all FaaS (e.g. Google Cloud Functions, AWS Lambda, etc.) services.
• Configures automated scanning and alert tuning of all FaaS services.
• Creates custom automated testing tools using common programming languages (e.g. Python, Go)
• Manages and contributes frequently to organizational Git repositories and ensures that security testing exists and is automated in developer pipelines.
• Stays abreast of and researches changes in the security industry to leverage emerging technology that will benefit Paidy.
• Configures and tunes alert thresholds in SIEM (Security Information and Event Management).
• Provides expert consultation and assists in the security architecture design of current and future API Gateway services.
• Provides expert consultation and assists in the security architecture of identity management services.
• Collaborates with internal and external penetration testing team(s) to validate findings in mobile applications and API gateway services; provides expert and pragmatic solutions for remediation.
• Presents and participates in regular security awareness training sessions with technical and non-technical staff.
• Develops and documents API gateway and identity management accreditation packages into standardized, reusable components.
Your skills and experience
▪ At least 5 years of bona fide API development and hardening.
▪ Evangelist of simplicity, standardization, and automation using modern DevOps tools.
▪ Experience in securing AWS identity management solutions in regulated industries.
▪ Experience in securing backend APIs for mobile.
▪ Strong IT knowledge across cloud, application, software, hardware, and networking technologies.
▪ Can effortlessly explain the relationship between APIs and business needs using past experience.
▪ If given a sample business process and API, can explain what it does and how best to secure it without having to use a search engine.
▪ Ability to communicate findings clearly with specific remediation recommendations beyond regurgitating CVE scores.
Education
S. Computer Science -or- Significant, verifiable open-source API security contributions
Required Certifications: None
Desired Certifications:
▪ eWPTXv2
▪ AWS Security or Professional
▪ OSCP
Direct Report (who reports to this person)
Negotiable.