Tokyo Money Forward Full time

Overview

At Money Forward Inc., we continue to push the boundaries of financial innovation. With a diverse suite of over 50 B2C, B2B, and B2B2C services, our commitment remains unwavering: to make financial challenges easier to navigate for everyone. A key component of these services is the data collected through "account aggregation" technology and a single sign-on called "Money Forward ID". Many of these services and functions require high security because they handle sensitive user information.

The CISO office works closely with the product teams to maintain and improve the security of the products. This includes controlling and visualizing major cloud services such as AWS and GCP, designing, implementing, and operating common security functions such as WAF, conducting vulnerability assessments, and promoting shift-left initiatives.

We are looking for a candidate for the Head of Product Security to help strengthen our security so that more users can make the most of our services with peace of mind.

Responsibility

By utilizing your knowledge and experience in coding and infrastructure, you will work closely with developers to maintain and improve Money Forward's security. As a candidate for the Head of Product Security, you will work with our Security Specialists in the CISO Office to promote the following tasks:

  • Maintenance of security guardrails for multi-cloud environments
  • In-house security consulting: technical advice on security to in-house developers, architecture reviews, etc.
  • Perform or support vulnerability assessments and penetration testing
  • Collection and validation of OSINT and other vulnerability information
  • Development of security-related tools and scripts
  • Implementation and deployment of frameworks such as NIST CSF, CIS Controls, etc.
  • Management of product security organization (member evaluation, training, organization development, etc.)

Qualifications

  • Basic understanding of information engineering including networking, operating systems, data structures, cryptography, etc.
  • Experience managing an organization of 5 or more people
  • Footwork and communication skills with the ability to move across the organization
  • Experience in development in any programming language or security-by-design practices
  • Knowledge and experience in any of the following
    • Vulnerability Assessment
    • Penetration testing or red team practices
    • Forensics, malware analysis, incident response, etc.
    • Cloud Security
    • Experience in building and operating DevSecOps
    • Experience in building and operating security solutions such as WAF, IDS / IPS, SIEM, etc.

Language Requirement

  • English: Business-Level, both verbal and written. (min. TOEIC 800)
  • Japanese: Not required but preferred

Preferred skills and experience

  • CTF experience
  • Experience in bug hunting and CVE acquisition
  • Certifications such as CISSP, CISM, OSCP, GCIH
  • Deep understanding of certification and authorization, OIDC, OAuth
  • Experience in FISC or other security-related work in the financial or fintech industry

Technology Stack

  • Web Server Side: Rails, Go
  • Web Front End: React, Redux, webpack, TypeScript, Mocha, Jest
  • Database: MySQL (Aurora)
  • Infrastructure and middleware:
    AWS (ALB, EC2, RDS, S3, SQS, ElastiCache, EKS...)
    GCP (BigQuery, Firebase, GKE)
    nginx, squid, memcached, kafka, logstash, filebeat, maxwell, kibana, elasticsearch, Fluentd, envoy, Passenger, Puma, Unicorn, HAProxy, Docker, Redis, Memcached

Tools used

  • Biz platform: Marketo, SalesForce
  • Repository management: GitHub
  • CI/CD: CircleCI, bitrise, ArgoCD, CodeBuild, GitHub Actions
  • Development environment: Vagrant, Docker, Terraform Enterprise
  • Monitoring: DataDog, Rollbar, Bugsnag, Sentry, New Relic
  • Communication: Slack
  • Ticket management: Jira, asana, trello, backlog
  • Security and automation: OWASP ZAP, Burp Suite, Sider (Brakeman), Snyk, Vaddy, Dockle, Trivy

Location, Work Style Policy (Work from office / Work from home)

  • Location: Tokyo, Japan
  • Hybrid Work
    - As a standard practice, working from the office on a minimum of 2 days is mandatory; these days are designated as team office days. Additionally, employees are encouraged to spend 3 or more days in the office.
    - The specific "team office days" may vary depending on the assigned team.
    - This policy may be subject to change based on the company's needs and work circumstances.

Relocation Support

  • Working Visa
  • Flight ticket to Japan
  • Signing Bonus
  • Temporary fully furnished apartment for the first month

Working hours

  • Flexible Working Hours (No core time)

Vacations

  • Two days off per week (Saturday and Sunday)
  • Japanese national holidays (16 national holidays in 2021)
  • Paid holiday: 10 days (first year) *Number of paid holidays increases (+1 day) every year up to 20 days a year.
  • Summer vacation days: 3 days
  • Winter vacation days: 2 days

Benefits

  • Health insurance
  • Employee stock ownership plan
  • Full transportation coverage
  • The latest computer (upgrades or purchases needed for development are available without limit, upon approval)
  • Seminar participation support
  • Book purchases
  • Copyright of OSS belongs to individuals

