Senior Application Security Engineer
Nihonbashi, Tokyo
Applications have closed
Woven Planet Holdings, Inc.
Woven by Toyota innovates and invests in new technologies, software, and business models that transform how we live, work, and move. Visit us to learn more: https://www.woven-planet.global/
TEAM
The security team at Woven Planet is on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.
WHO ARE WE LOOKING FOR?
We are looking for an expert Application Security Engineer with a strong background in secure software development to ensure that our software systems are designed and implemented to the highest standards. The scope of the role is broad; you will participate in the secure design of new services and products, analyze applications for vulnerabilities, work with developers to resolve security issues, and build tools for security automation. You will also help improve our application security program by developing technical standards and processes which allow developers to write secure software.
The successful candidate will have a good mix of deep technical knowledge and a demonstrated background in information security. We value broad and deep technical knowledge, specifically in the fields of application security for cloud systems, operating systems, cryptography, web applications, and embedded systems.
RESPONSIBILITIES
- Partner with development and operations on designing and building secure applications for critical Woven Planet systems. When gaps are identified, drive issues to resolution by providing in-depth advisories, building tools, or contributing code as necessary.
- Perform threat modeling and application security assessments for projects across the organization.
- Improve the application security program by enhancing technical standards and guidelines to foster secure development practices.
- Improve the accessibility and enforceability of security through automation, CI/CD pipelines, and other means.
- Perform static/dynamic security testing for applications developed by Woven Planet to identify vulnerabilities and security defects.
- Manage the lifecycle of vulnerabilities, from identification to remediation and reporting.
- Mentor software engineers and provide training on security best practices.
- Communicate effectively at multiple levels of sensitivity and with multiple audiences.
MINIMUM QUALIFICATIONS
- 5+ years of relevant, broad engineering experience in information security or software development.
- 3+ years of experience on an Application Security team, especially in providing security requirements, conducting risk assessment, threat modeling, and security code review.
- Good understanding of software, computer, network architectures, and practical cryptography usage.
- Hands-on experience with software development in one or more general-purpose development languages such as Python, Ruby, Go, C/C++, Java, and JavaScript.
- Understanding of at least one security development methodology (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM).
- In-depth knowledge of secure coding principles and common application security vulnerabilities, such as OWASP Top 10 and CWE 25 vulnerabilities.
- Well-versed in large-scale application design, application security testing, and risk management.
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies.
PREFERRED QUALIFICATIONS
- Good knowledge of security features and mechanisms provided by AWS or GCP. AWS Certified Security or GCP Professional Cloud Security Engineer is a plus.
- Deep knowledge of authentication protocols and frameworks, including OAuth, OpenID, SSO/SAML, and AWS IAM.
- Experience implementing DevSecOps pipelines and converting manual processes into automated processes.
- Success in implementing effective Secure SDLC frameworks across a large corporation.
- Experience in managing application security testing tools like SAST, DAST, and Open Source Vulnerability Scanning.
- Good understanding of the following technologies and concepts: Microservice Architecture, Docker, Infrastructure as Code, CI/CD pipelines, Kubernetes.
- Familiarity with security and privacy frameworks and regulations (e.g. SOC, PCI-DSS, ISO, GDPR, CCPA)
Tags: Application security Automation AWS BSIMM C C++ CCPA CI/CD Cloud Cryptography DAST DevSecOps Docker GCP GDPR IAM Java JavaScript Kubernetes OpenID Open Source OWASP Privacy Python Risk assessment Risk management Ruby SAML SAST SDLC Security assessment SSO Vulnerabilities