Platform Security Lead

About Paidy Inc.

Paidy is Japan's pioneer and leading BNPL service with the mission to spread trust through society and to give people room to dream.

Paidy offers instant, monthly-consolidated credit to consumers by removing hassles from payment and purchase experiences. Paidy uses proprietary models and machine learning to underwrite transactions in seconds and guarantee payments to merchants. Paidy increases revenue for merchants by reducing the number of incomplete transactions, increasing conversion rates, boosting average order values, and facilitating repeat purchases from consumers. 

Paidy has reached an agreement to join PayPal, the global payments company. Paidy will continue to operate its existing business, maintain its brand and support a wide variety of consumer wallets and marketplaces by providing convenient and innovative services.

Paidy continues to innovate to make shopping easier and more fun both online and offline. For more information, please visit http://www.paidy.com. 

The position will be based at the Paidy Office, located in Tokyo, Japan.

About Position 

Paidy is seeking an experienced Platform Security Lead to design, implement, and scale security for our core infrastructure. As a key member of the Security Department, you will harden the systems and services that power our consumer and merchant applications. Your work will ensure the confidentiality, integrity, and availability of our platform at scale.

This role blends technical leadership, hands-on engineering, and risk management expertise in cloud-native environments. You will collaborate closely with multiple teams throughout the organization to embed security into our platform’s foundation.

Key Role and Responsibilities

• Define and enforce security standards for infrastructure, containers, cloud services, and CI/CD pipelines.
• Partner with non-engineering and engineering teams to design secure-by-design services.
• Lead platform security architecture, including network segmentation, IAM, secrets management, and vulnerability management.
• Conduct  threat modeling to proactively identify and mitigate risks.
• Drive adoption of platform hardening and security-as-code practices.
• Support audit and compliance programs including:
  
  
  • PCI-DSS, ISO 27001, SOC 2
  • METI security guidelines
  • Japan’s Act on the Protection of Personal Information (APPI)
  • APEC Cross Border Privacy Rules (CBPR) system
    
    
• Monitor industry trends and threat intelligence to adapt Paidy’s security posture.
• Mentor engineering teams on secure design.
• Rapidly prototype proof-of-concept security solutions to validate risks and mitigations.
• Manage and scale Paidy’s Bug Bounty and responsible disclosure programs, ensuring external research is incorporated into platform hardening.
• Leverage AI-driven automation to continuously validate security controls and track KPI/KRI metrics.

Our tech stack:

• Cloud: All common AWS services (e.g. API Gateway, Lambda, ECS, RDS)
• Languages & Frameworks: Rust, Scala, Python, React Native (framework)
• Infrastructure: Docker, Terraform, CircleCI
• Observability: Datadog, Elasticsearch, Kafka
• Source & Mobile: GitHub, Android, iOS

Skills and Requirements

• Strong ownership mindset and ability to influence across teams.
• Proven experience with vulnerability management lifecycle (SAST, DAST, patching).
• Hands-on with security tools (e.g. Orca Security, BurpSuite, HexStrike AI, AttackIQ, etc.)
• DevSecOps background integrating security into CI/CD (GitHub, CircleCI, Jenkins).
• Familiarity with security hardening standards (CIS, NIST, ISO, SOC 2, METI).
• Experience with container security (image and runtime scanning).
• Working knowledge of Android/iOS security considerations.
• Broad software engineering experience in languages such as Python, Rust, Scala.
• Deep expertise in AWS cloud security.
• Experience designing and securing REST/GraphQL APIs at scale.
• Strong understanding of OAuth2 and modern authentication protocols.
• Proficiency with Docker, Terraform, and CI/CD pipelines.
• Fluent in English; Japanese is a plus.
• Familiarity with APPI and CBPR requirements is highly desirable.
• Experience managing bug bounty programs or engaging with external security researchers.
• Hands-on experience applying AI and automation in security workflows (threat modeling, compliance checks, metric collection, or code analysis).
• Willingness to learn new technologies and build custom security tooling when needed.

Please note that you must be eligible to work in Japan by holding valid working rights.

What We Offer You

• Diversified team with 230+ colleagues from 30+ countries
• Exciting work opportunities in a rapid-growing organization
• Cross-functional collaboration
• Hybrid remote work model - minimum 2 times in office per week (subject to change at company discretion)
• Competitive salary and benefits