Senior Application Security Engineer

Salary not provided

English: Fluent

Minimum years of experience: 3

KOMOJU

Application Security Engineer

We are looking for an experienced and dynamic Application Security Engineer to join our team. You will play a pivotal role in managing bug bounty programs, building a robust application security program, and fostering a strong security culture. Previous experience as a developer is highly desirable. Passion, a sense of ownership, and strong communication skills are crucial for success.


Why Join Us?

  • Be part of an innovative and forward-thinking company in the payment space
  • Work in a collaborative and inclusive environment
  • Opportunity to shape the security landscape of the organization
  • Competitive salary and benefits package

Responsibilities

1. Build the Application Security Program

  • Develop policies, procedures, and standards to safeguard our applications
  • Conduct risk assessments and implement controls to mitigate security threats
  • Help manage external pentesting required for regulatory compliance

2. Integrate Security into the SDLC

  • Implement and manage a Secure Software Development Life Cycle (SSDLC) process
  • Design, implement, and operate a DevSecOps program with automated security in CI/CD pipelines
  • Guide development teams in integrating security best practices
  • Manage a bug-bounty program, respond to reports, and ensure timely fixes

3. Foster a Secure Code Culture

  • Promote application security awareness across all teams
  • Conduct code reviews and guide secure coding and architecture
  • Provide training/resources to dev teams for secure coding

Requirements

  • Proven experience in application security (minimum 3 years hands-on)
  • Familiarity with application security principles/frameworks (CWE, MITRE, OWASP, CIS Benchmarks)
  • Strong understanding of security principles and practices
  • Previous experience as a developer (highly desirable)
  • Familiarity with application security assessment tools
  • Experience with vulnerability management (SAST and DAST)
  • Technical knowledge for vulnerability risk and remediation
  • DevSecOps experience integrating security into CI/CD pipelines (GitHub Actions, CircleCI, GitLab CI/CD)
  • Familiarity with security hardening standards and implementation

Nice to Have

  • Working proficiency in Japanese
  • Willingness to learn new technologies and collaborate with distributed, multidisciplinary teams
  • Experience building custom security tooling
  • Cybersecurity-related certifications

Tech Stack

  • Languages: JavaScript, Ruby, Python, Rust
  • Frameworks: Ruby on Rails, Vue
  • Databases: PostgreSQL, MySQL
  • DevOps: Docker, AWS
  • Version Control: GitHub
  • Monitoring & Logging: DataDog

We’re hiring for multiple openings across different seniority levels. The final title and scope of responsibilities will be determined based on your experience and performance throughout the interview process.


Benefits

  • Remote work with office space available for in-person collaboration
  • 10 days regular vacation, plus 5 days summer and 5 days winter vacation
  • Paid birthday holiday
  • Self-learning allowance
  • Language training for Japanese