Application Security Engineer
About Paidy Inc.
Paidy is Japan's pioneer and leading BNPL service with the mission to spread trust through society and to give people room to dream.
Paidy offers instant, monthly-consolidated credit to consumers by removing hassles from payment and purchase experiences. Paidy uses proprietary models and machine learning to underwrite transactions in seconds and guarantee payments to merchants. Paidy increases revenue for merchants by reducing the number of incomplete transactions, increasing conversion rates, boosting average order values, and facilitating repeat purchases from consumers.
Paidy continues to innovate to make shopping easier and more fun both online and offline. For more information, please visit http://www.paidy.com.
Paidy is looking for an experienced application security engineer to seamlessly embed security into our product experience. By joining the team, you will apply the latest security mitigations across a rapidly growing consumer and merchant base. Within your role, you will be required to set the gold standard on how to secure products conceived at Paidy.
Key Role and Responsibilities
- Design hard-to-break applications and services using the latest security
- Train peers in secure development practices
- Lead discussions about security architectural decisions with product managers and other business stakeholders
- Lead Threat Modeling assessments and training using a standard threat modeling framework
- Drive security improvements throughout engineering teams using risk-based metrics
- Help engineering teams identify, quantify, and fix potential security flaws based on real-world threats
- Quickly set up proof-of-concept code and/or environments that demonstrate why a control is required to mitigate risk
- Ensure compliance with PCI-DSS as well as other common security frameworks
Our tech stack:
- AWS architecture (API Gateway, Cognito, Lambda, ECS Fargate)
- Java, Python, TypeScript
- Docker, Terraform
Skills and Requirements
- Passion and a sense of ownership
- Effective communicator who can build strong relationships and engage audiences
- Experience with end-to-end vulnerability management (e.g. SAST and DAST)
- Experience with one or more security assessment tools (e.g. Fortify, Veracode, Checkmarx, AppScan, etc.)
- Technical knowledge to understand vulnerability risk and remediation steps
- DevSecOps experience, building security controls into CI/CD pipelines (GitHub, CircleCI, Jenkins, etc.)
- Familiar with security hardening standards and implementation.
- Experience with containers (both image and runtime)
- Exposure to Android and iOS development
- Broad software development experience with one or more modern general-purpose programming languages including, but not limited to, Java, Python, and Scala.
- A pragmatic approach to solving security issues that ensure the best consumer experience
- Extensive experience with AWS cloud security
- Experience with designing and building secure REST / GraphQL APIs at scale
- Solid understanding of OAuth2 protocol
- Confidence with Docker and Terraform development tools as well as CI/CD.
- Working proficiency in Japanese is helpful but not necessary.
- Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams
- Experience with building custom security tooling
- You will be asked about your experience with the Paidy App during your interview. Please download the Paidy App and try it out:
For those who are not able to download the Paidy App due to regional restrictions, please download similar BNPL apps, such as Klarna, Afterpay, Affirm and so forth, and form your own opinions on these applications and services.
What We Offer
- The opportunity to make a significant impact on the vibrant Japanese market, building products affecting millions of users every month
- A diverse culture that accepts everyone's values and opinions, working with talented people coming from 20+ countries
- An attractive salary and the latest equipment of your choice (macOS, Windows, or Linux).
- Remote working & Flexible working
Be a winner / 勝ちにこだわる
- Beat expectations / 常に期待値を超える
- Display surprising speed / 人をスピードで驚かす
- Embrace risk / リスクを恐れない
Own it and deliver / 結果を出す
- Commit to what, when and how to deliver / 目的・やり方・期限にコミットする
- Own the actions to deliver / 結果のためのアクションにこだわる
- Embrace conflict when needed to deliver results / 必要なら対立・衝突も恐れない
Play an integral role / 大切なピースになる
- Make an irreplaceable contribution to our business / 替えの効かない貢献をする
- Embrace and bridge differences in language and culture / 皆が言語と文化の架け橋になる
- Raise the bar / スタンダードを上げ続ける