Security Engineer- bilingual Japanese/English

Our purpose at Cookpad is to make everyday cooking fun. Not just because we like food but because we believe that cooking is key to a happier and healthier life for people, communities and the planet.

Cookpad is a tech company that started life in Japan and is now the largest recipe sharing community in the world with over 5 million recipes created by users active in more than 70 countries. Our global platform is used by more than 100 million people every month across the world, which brings very interesting reliability and scalability challenges to tackle.

We are building a team of diverse, exceptional problem-solvers from around the world. We hire passionate, smart and innovative people who want to make a difference. This role is a unique opportunity to do security work at a truly global scale, having a direct impact on keeping our users and our colleagues safe all over the planet. Because you will be working with both our global teams (where English is the language we use for intra-company communications) and our Japanese teams, English and Japanese fluency is essential.

What’s it like to work at Cookpad? Visit https://careers.cookpad.com/ to find out more.

Our Global office is in Bristol in the UK - one of the most exciting emerging tech hubs in Europe. The team currently operates on a hybrid working model, fully remote is also a possibility in certain time zones, though you must already have permission to work in the country you’ll be working from. We are able to sponsor UK visas given UKVI clearance, and support for relocation is available.

Requirements

What are we looking for?

We want users to feel safe and secure using Cookpad during their everyday cooking. Because food is such a personal topic, our users may sometimes share personal information such as preferences, health, family, income, location, and so on, to decide what to eat and what to cook. We work to keep this information secure, along with all other data that users publish.

As a Security Engineer in the Global Security team, you will work to identify and resolve various security risks in our products, support teams as they make product decisions, and help to educate your colleagues on security best practices. In this job, it is important that you behave as an engineer, not a consultant. As a team we see security as a feature, we work to mitigate threats and keep ourselves and our users secure, aiming to keep the development of our services moving forward without compromising security.

Tech Stack

Note that this is not a list of requirements, but a way of giving you the technical ‘lay of the land.’

You will be involved in maintaining the security of products built on AWS, GCP and various cloud services, increasingly configured using Terraform. Our core product is a Ruby on Rails application, and we have services in many different programming languages and technologies, including Go, Python, Typescript, Kubernetes, and so on. We don't like to simply buy security solutions, we prefer to integrate it well into our company and if necessary make it by ourselves using the technology that’s appropriate for the task.

Your day-to-day could look like:

• Collaborating in a diverse organisation across multiple teams, including product development, engineers, legal, community management and leadership
• Reviewing the design of the product, identify what needs to be done and implement as required (note that we’re trying to implement this kind of security culture, so you won’t simply be assigned a million security tickets and told good luck - you’ll be working with various teams to help them make and do things securely)
• Reviewing source code and identifying potential vulnerabilities
• Working with third party vendors to conduct penetration testing, taking a leading role in communicating with product teams and helping to resolve any vulnerabilities that are found
• Maintaining internal security standards and expanding them
• Providing a safe and efficient development environment for our developers - we review new vendors, help to implement static and dynamic scanning tooling, SIEM (Security information and event management) systems etc.
• Speaking of SIEM – you’ll be working in a still-developing environment with a combination of: various AWS security products (GuardDuty, Config, etc.), Kibana (just the log search), Crowdstrike Falcon, and some internally developed tooling for SIEM purposes. You don’t have to be intimately familiar with these systems, just ready and willing to learn.
• Investigating security-related events and incidents, taking the necessary follow-up actions
• Be a contact point for security at Cookpad for a variety of stakeholders

Requirements

Note that if you believe you are a match for this role but do not meet one or more requirements, please feel free to apply. If you have questions, please contact us at security-engineer-02-2023@cookpad.com.

• You are a curious and collaborative engineer, equally at home writing and reviewing code, willing to explain security concepts to other engineers as well as coworkers with other kinds of experience.
• Fluency in English and Japanese is essential
• Experience working in a technical team (this is probably not a suitable role for a junior)
• Experience developing web applications
• Understanding of modern web applications, network protocols and known vulnerabilities
• Experience using CI/CD pipelines and other tools to automate your work
• Experience with cloud security products and/or device management tooling and/or SIEM systems. We’re able to be platform agnostic, so as long as you are also willing to learn new systems
• Experience with and enthusiasm for working on projects in collaboration with people with a wide range of expertise

Interview Process

Interviews will be conducted remotely over Zoom. If there is anything we can do to best accommodate you please let us know. Once you have applied, if we move forward there will be a series of interviews with your possible future teammates, a technical assessment (mostly aimed at gauging your skills at identifying and explaining vulnerabilities to others - no algorithms or whiteboard exercises here!), and conversations with future colleagues in other departments.

Benefits

Why join Cookpad?

People join us because they share our vision to improve people’s lives. As a company Cookpad invests heavily in learning and development - we hire smart people who thrive in small, highly collaborative and energised teams, and who look at what we do and want to be part of it.

Valuing our team means we offer competitive salaries and benefits you’d expect from a company wanting great people, including generous employer pension contributions and cycle to work schemes. We also offer peace of mind with group income protection, life assurance and private medical insurance.

We also do a few things you might not expect. We keep the team healthy with fresh produce from local suppliers and delicious edible gifts from visiting team members. We have a fully stocked large kitchen space where our team comes together to cook and share everyday cooking ideas.

Finally the physical space we’ve created at our global offices in Bristol is an amazing, innovative work environment that reflects what we value, who we are and what we do.

Equal Opportunity

The Cookpad team is made up of an incredible, diverse range of people. We are proud to be an equal opportunity employer. We do not discriminate based on race, ethnicity, colour, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected status.

Your Privacy

When applying for a job with Cookpad, we will collect personal data about you. We use that personal data for recruitment and hiring related activities, including analysis of those activities. Such processing is legally permissible under Art. 6(1)(f) of the General EU Data Protection Regulation and UK GDPR as necessary for the purposes of our legitimate interests, which are the solicitation, evaluation, and selection of applicants for employment.