Senior Application Security Engineer

About KOMOJU

KOMOJU is the leading cross-border payment gateway for Japan. We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok. Today we help thousands of merchants by providing them with the payment infrastructure they need through developer-friendly API’s to integrations on popular platforms like Shopify and Wix; we help our merchants grow in all markets they are expanding. KOMOJU fosters a flat, inclusive culture with a focus on project ownership, continuous improvement, and remote work flexibility.

About this position

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Why join KOMOJU?

• Be part of an innovative and forward-thinking company in the payment space
• Work in a collaborative and inclusive environment.
• Opportunity to shape the security landscape of the organization.
• Competitive salary and benefits package.

If you are passionate about application security and have the skills and experience we are looking for, we encourage you to apply and help us secure our digital future.

Responsibilities

1. Build the Application Security Program
• Develop policies, procedures, and standards to safeguard our applications.
• Conduct risk assessments and implement controls to mitigate security threats.
• Help manage external pentesting required to meet regulatory compliance.
2. Integrate Security into the SDLC
• Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
• Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
• Guide development teams in integrating security best practices.
• Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
3. Foster a Secure Code Culture
• Promote application-security awareness and best practices across all teams.
• Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
• Provide training and resources to development teams to ensure secure coding practices.

Requirements

• Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
• Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
• Strong understanding of security principles and practices.
• Previous experience as a developer is highly desirable.
• Familiarity with application security assessment tools.
• Experience with end-to-end vulnerability management (e.g., SAST and DAST).
• Technical knowledge to understand vulnerability risk and remediation steps.
• DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).
• Familiar with security hardening standards and implementation.

Nice to have

• Working proficiency in Japanese is helpful but not necessary.
• Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
• Experience with building custom security tooling is a plus.
• Cyber Security related certifications.

Tech Stack:

• Languages: JavaScript, Ruby, Python, Rust
• Frameworks: Ruby on Rails, Vue
• Databases: PostgreSQL, MySQL
• DevOps: Docker, AWS
• Version Control: GitHub
• Monitoring and Logging: DataDog

*We’re hiring for multiple openings across different seniority levels. The final title and scope of responsibilities will be determined based on your experience and performance throughout the interview process.

Benefits

• At KOMOJU, we embrace remote work while also offering office space for those who prefer in-person collaboration
• 10 days regular vacation, additional 5 days summer and 5 days winter vacation
• Paid birthday holiday
• Budget for self-learning allowance, to ensure our employees’ skills remain current
• Language training for Japanese