Job DescriptionTranslated from Japanese
▼Job Description
We are looking for a Security Engineer to build and improve the security framework for our "Medical x AI" product.
Upon joining, you will work closely with the current development team, taking ownership from prioritization to implementation of security measures.
Specific responsibilities include:
◆ Driving DevSecOps
・Implementing and improving security checks in CI/CD pipelines (GitHub Actions)
・Establishing vulnerability detection processes using SAST/DAST, etc.
・Developing secure coding guidelines
・Participating in code reviews and design reviews from a security perspective
・Collaborating with external security assessment companies, analyzing results, and driving improvements
◆ Cloud Infrastructure Security
・Enhancing security for AWS environments (ECS, Aurora, Cognito, S3, etc.)
・Improving IAM design and access control
・Reviewing network designs
・Improving monitoring systems using AWS Security Hub, etc.
・Developing vulnerability and risk assessment methodologies and response strategies
◆ AI/LLM Security & Data Protection
・Addressing security risks associated with LLM usage
・Countermeasures against prompt injection
・Measures against data leakage risks
・Investigating AI output quality and safety
・Designing encryption and access control for voice and text data
・Strengthening data governance for a product handling medical information
◆ Security Framework & Rule Development
・Improving ISMS operations
・Enhancing compliance with the "3 Ministries and 2 Guidelines"
・Establishing incident response flows and CSIRT structure
・Providing security education to development members
▼Required Skills/Experience
・3+ years of experience in security measures and improvements for web applications or cloud environments
・Experience in vulnerability management, risk assessment, and driving improvements
・Selection and coordination of external assessment companies
・Analysis of assessment results
・Collaborating with development teams for corrective actions
・Building continuous security improvement processes
・Technical understanding of authentication, authorization, and network design
・Communication skills to constructively discuss with development teams and autonomously drive security initiatives
▼Preferred Skills/Experience
・Experience implementing DevSecOps
・Experience integrating security checks into CI/CD
・Experience with penetration testing and security assessments
・Experience with services handling highly confidential data, such as medical, financial, or SaaS
・Experience with obtaining and operating ISMS/SOC2, etc.
・Experience establishing a security organization
・Knowledge of security for LLM and generative AI products
・Certifications such as CISSP, CISA, OSCP, Information Security Professional Engineer (情報処理安全確保支援士)
▼Ideal Candidate Profile
・Someone who views security not as a "constraint to protect," but as a "mechanism to support business growth."
・Someone who can set their own goals and drive initiatives even in ambiguous situations.
・Someone who can find optimal solutions through dialogue with development members.
・Someone who is conscious of delivering value to the business and users, not just focusing on technology.
・Someone who wants to take on the challenge of building an organization as the first dedicated security professional.
▼Job Highlights
・Opportunity to be the first dedicated security professional and be involved in building systems from scratch.
・Chance to work in the growing fields of "Medical x AI."
・Close collaboration with the development organization.
・Opportunity to leverage your experience in a modern cloud environment.
▼Development Environment
Python / ML, Swift / Kotlin (Mobile), TypeScript / React / FastAPI (Web), AWS / GCP (Infrastructure)
▼Employment Type
Full-time (No fixed term)
▼Probationary Period
3 months (No change in compensation during the probationary period)
▼Salary
Annual salary: ¥6,000,000 - ¥9,000,000
▼Minimum Annual Salary (JPY)
6,000,000
▼Maximum Annual Salary (JPY)
8,980,000
▼Work Location
Tokyo Headquarters or Remote (Home)
4F Toranomon 33 Mori Bldg., 3-8-21 Toranomon, Minato-ku, Tokyo
▼Working Hours
No core hours / Flextime system (Work between 6:00 AM and 10:00 PM)
Standard working hours per day: 8 hours
Contractual working hours per month: 160 hours
▼Break Time
60 minutes
▼Overtime Work
Available
▼Holidays, Paid Leave, Special Leave
・Complete two-day weekend system (Saturday, Sunday, National Holidays, and other days designated by the company)
・Annual holidays: 124 days
▼Allowances and Benefits
・Various social insurances included (Health Insurance, Employee Pension Insurance, Long-term Care Insurance, Employment Insurance, Workers' Accident Compensation Insurance)
・Annual health check-ups (once a year)
▼Insurance Enrollment
Various social insurances included
▼Measures to Prevent Passive Smoking at the Workplace
Completely non-smoking within the office
▼Interview/Selection Process
Casual meeting / Document screening
↓
1-2 interviews (Technical assessment may be required before interviews depending on the position)
↓
Final selection (Reference checks may be conducted before or after the interview)
↓
Offer and contract negotiation (Contents may change depending on the situation)