Senior Application Security Engineer

About KOMOJU

KOMOJU (by Degica) is the leading cross-border payment gateway for Japan. We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok. Today we help thousands of merchants by providing them with the payment infrastructure they need through developer-friendly API’s to integrations on popular platforms like Shopify and Wix; we help our merchants grow in all markets they are expanding.

What to expect

We are product focused, meaning you will work on our payment gateway and any other pilot projects towards building the future of KOMOJU. You will work with other engineers in a flat and inclusive culture where engineers have a say in both key product and technology decisions. The culture is largely self-organizing, which means engineers have both a stake and ownership in what they work on. Engineers play to their strengths, but are also able to invest in areas where they want to grow within the team. At KOMOJU, you are the main driver behind your growth and position in the company.

International at our core

Our founder is Canadian, and about 50% of our employees are non-Japanese. In the engineering team, we use English as our common language, and throughout the company, many people are bilingual.

Being an international company we know the importance of bilingualism. We offer all employees a choice between English and Japanese lessons.

About this position

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Why Join Degica?

• Be part of an innovative and forward-thinking company in the payment space
• Work in a collaborative and inclusive environment.
• Opportunity to shape the security landscape of the organization.
• Competitive salary and benefits package.

If you are passionate about application security and have the skills and experience we are looking for, we encourage you to apply and help us secure our digital future.

Responsibilities:

1. Integrate Security into the SDLC:

• Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
• Collaborate with development teams to integrate security best practices at every stage of the SDLC.
• Provide training and resources to development teams to ensure secure coding practices.

2. Build the application security program:

• Design and implement a comprehensive devsecops process.
• Develop policies, procedures, and standards to safeguard our applications.
• Conduct risk assessments and implement controls to mitigate security threats.

3. Foster a Security Culture:

• Promote security awareness and best practices across all teams.
• Conduct code reviews and provide guidance on secure coding practices.

Requirements

• Proven experience in the security domain, preferably with application security.
• Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
• Strong understanding of security principles and practices.
• Previous experience as a developer is highly desirable.
• Familiarity with security assessment tools.
• Experience with end-to-end vulnerability management (e.g., SAST and DAST).
• Technical knowledge to understand vulnerability risk and remediation steps.
• DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, Jenkins).
• Familiar with security hardening standards and implementation.

Tech Stack:

• Languages: JavaScript, Ruby, Python
• Frameworks: Ruby on Rails, Vue
• Databases: PostgreSQL, MySQL
• DevOps: Docker, AWS
• Version Control: GitHub
• Monitoring and Logging: Datadog

Benefits

• At Degica, we embrace remote work while also offering office space for those who prefer in-person collaboration
• 10 days regular vacation, additional 5 days summer and 5 days winter vacation
• Paid birthday holiday
• Budget for self-learning allowance, to ensure our employees’ skills remain current
• Language training for Japanese