Senior Application Security Engineer

at Degica Co, Ltd.
  • Remote - Japan

Remote

Cybersecurity

Senior

Job description

About KOMOJU

KOMOJU (by Degica) is the leading cross-border payment gateway for Japan. We power payments for companies like video game distribution platform Steam and the popular mobile app TikTok. Today we help thousands of merchants by providing them with the payment infrastructure they need through developer-friendly API’s to integrations on popular platforms like Shopify and Wix; we help our merchants grow in all markets they are expanding. Degica fosters a flat, inclusive culture with a focus on project ownership, continuous improvement, and remote work flexibility.

About this position

We are looking for an experienced and dynamic Application Security Engineer to join our team. The ideal candidate will play a pivotal role in managing our bug bounty programs, building a robust application security program from the ground up, and fostering a strong security culture within the organization. Previous experience as a developer is highly desirable, as it will aid in understanding and mitigating security vulnerabilities in our applications. Passion and a sense of ownership, along with effective communication skills, are crucial for success in this role.

Why join Degica?

  • Be part of an innovative and forward-thinking company in the payment space
  • Work in a collaborative and inclusive environment.
  • Opportunity to shape the security landscape of the organization.
  • Competitive salary and benefits package.

If you are passionate about application security and have the skills and experience we are looking for, we encourage you to apply and help us secure our digital future.

Responsibilities

  1. Build the Application Security Program

    • Develop policies, procedures, and standards to safeguard our applications.
    • Conduct risk assessments and implement controls to mitigate security threats.
    • Help manage external pentesting required to meet regulatory compliance.

  2. Integrate Security into the SDLC

    • Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
    • Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
    • Guide development teams in integrating security best practices.
    • Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.

  3. Foster a Secure Code Culture

    • Promote application-security awareness and best practices across all teams.
    • Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
    • Provide training and resources to development teams to ensure secure coding practices.
  • Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
  • Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
  • Strong understanding of security principles and practices.
  • Previous experience as a developer is highly desirable.
  • Familiarity with application security assessment tools.
  • Experience with end-to-end vulnerability management (e.g., SAST and DAST).
  • Technical knowledge to understand vulnerability risk and remediation steps.
  • DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).
  • Familiar with security hardening standards and implementation.

Nice to have

  • Working proficiency in Japanese is helpful but not necessary.
  • Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
  • Experience with building custom security tooling is a plus.
  • Cyber Security related certifications.

Tech Stack:

  • Languages: JavaScript, Ruby, Python, Rust

  • Frameworks: Ruby on Rails, Vue

  • Databases: PostgreSQL, MySQL

  • DevOps: Docker, AWS

  • Version Control: GitHub

  • Monitoring and Logging: DataDog

  • At Degica, we embrace remote work while also offering office space for those who prefer in-person collaboration

  • 10 days regular vacation, additional 5 days summer and 5 days winter vacation

  • Paid birthday holiday

  • Budget for self-learning allowance, to ensure our employees’ skills remain current

  • Language training for Japanese

Share this job:
Please let Degica Co, Ltd. know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Degica Co, Ltd. logo

Degica Co, Ltd.

  • 11 remote jobs

Latest Jobs at Degica Co, Ltd.

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply