Cloud Security Management Engineer
About Paidy Inc.
Paidy is Japan's pioneer and leading BNPL service with the mission to spread trust through society and to give people room to dream.
Paidy offers instant, monthly-consolidated credit to consumers by removing hassles from payment and purchase experiences. Paidy uses proprietary models and machine learning to underwrite transactions in seconds and guarantee payments to merchants. Paidy increases revenue for merchants by reducing the number of incomplete transactions, increasing conversion rates, boosting average order values, and facilitating repeat purchases from consumers.
Paidy continues to innovate to make shopping easier and more fun both online and offline. For more information, please visit http://www.paidy.com.
Paidy is looking for an experienced security engineer, focusing on cloud security management, to help uplift the security posture of our platform. By joining the team, you will apply the mindset of an attacker to help Paidy defend against a rapidly evolving threat landscape.
Key Role and Responsibilities
- While adhering to industry-accepted best practices (e.g. OWASP, NIST), analyze existing cloud structures and create new and enhanced security methodologies.
- Provide security recommendations across cloud platforms, and perform threat simulations to detect possible risks.
- Identify areas of security improvement opportunities across our cloud environments using manual security reviews or automation for more critical efforts.
- Provide actionable feedback to engineers as part of the secure software development life cycle.
- Communicate risks to engineering teams through training and technical demonstrations.
- Lead efforts related to the implementation, configuration and management of the latest security tooling.
- Translate compliance, regulatory, consumer and best-practice requirements into the appropriate security settings and controls.
- Break what you can find on our platform and offer pragmatic solutions.
- Conduct white-box and black-box penetration testing against internal and public-facing applications and assets.
- Manage, triage, and investigate Bug Bounty submissions and external pentest findings.
- Research and perform security assessment for 3rd party partners.
- Develop tooling to support reconnaissance, automation, and metrics collection.
- Provide expert guidance to developers, other product security teams, and the SOC in investigating issues.
- Spread awareness of offensive security practices via demos, workshops and training.
- Assess the security of our tech stack through whatever means are best suited.
- Quickly set up proof-of-concept code and/or environments that demonstrate why a control is required to mitigate risk.
- Ensure compliance with PCI-DSS as well as other common security frameworks.
- A pragmatic approach to solving security issues that ensure the best consumer experience.
Skills and Requirements
- Passion and a sense of ownership.
- At least 5 years of bona fide experience in information security.
- Strong experience with penetration testing and other technical security assessments.
- Experience identifying security issues in code, particularly within Scala, GoLang, Rust, React Native, and others.
- Experience with cloud environments, particularly AWS and modern microservice design principles.
- Comfortable communicating findings clearly and effectively, with concrete remediation recommendations beyond simple issue reporting.
- CTF participation and active contributions to the cybersecurity community.
- DevSecOps experience, building security controls into CI/CD pipelines (GitHub, CircleCI, Jenkins, etc.).
- Exposure to Android and iOS development.
- Working proficiency in English. Japanese ability is helpful but not necessary.
- You will be asked about your experience with the Paidy App during your interview. Please download the Paidy App and try it out:
For those who are unable to download the Paidy App due to regional restrictions, please download a similar BNPL app, such as Klarna, Afterpay or Affirm, and come prepared with your opinions on these applications and services.
What We Offer
- The opportunity to make a significant impact on the vibrant Japanese market, building products affecting millions of users every month.
- A diverse culture that accepts everyone's values and opinions, working with talented people coming from 20+ countries.
- An attractive salary and the latest equipment of your choice (MacOS, Windows, or Linux).
- Remote working and a flexible working style.
Be a winner / 勝ちにこだわる
- Beat expectations / 常に期待値を超える
- Display surprising speed / 人をスピードで驚かす
- Embrace risk / リスクを恐れない
Own it and deliver / 結果を出す
- Commit to what, when and how to deliver / 目的・やり方・期限にコミットする
- Own the actions to deliver / 結果のためのアクションにこだわる
- Embrace conflict when needed to deliver results / 必要なら対立・衝突も恐れない
Play an integral role / 大切なピースになる
- Make an irreplaceable contribution to our business / 替えの効かない貢献をする
- Embrace and bridge differences in language and culture / 皆が言語と文化の架け橋になる
- Raise the bar / スタンダードを上げ続ける