Senior Risk Reduction Engineer - EH

Talisman Corporation • Tokyo, Japan • 1w ago

Job Description

Senior Risk Reduction Engineer

■ Your Role and Responsibilities

The Risk Reduction Engineering team in tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects.

Help define and support secure continuous delivery approaches including tools and automated processes
Help define and support secure continuous delivery approaches including tools and automated processes
Help define security requirements within the cloud environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics
Assist with application security testing and code reviews
Perform security reviews, identifying gaps in secure architecture and design
Co-create security policies and standards
Review and design application security controls
Research information security standards for adoption
Develop secure coding policies, procedures and standards
Engage with the engineering teams to review and update Software
Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

■ Work Location

・Tokyo, Japan

■ Experience and Qualifications

7+ years of experience in security related fields, such as Secure Engineering/Consulting, Security Operations Center Administration, DevOps.
2+ years of experience in leading security related teams/projects
Strong vulnerability pen testing skills; OSCP, CEH a plus.
Knowledge of Agile methodology
Vulnerability management skills
Solid understanding of public cloud (Azure, AWS, GCS, etc)
Practical application of secure engineering principles
Practical experience with SAST and DAST tools and workflows
Working knowledge of vulnerability/compliance, patch management, anti-malware,APT, identity and access control management toolsets
Experience with third party tools (e.g. Splunk, Elastisearch etc) to analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
Threat modeling

■ Additional Preferred Qualifications

Experience integrating automated security tools into CI/CD pipeline
Proven working experience within software development industry
Excellent interpersonal and communication skills
Proven working experience in conducting DevSecOps in an agile work environment
Hands-on development experience with at least *one* of the following programming languages:Python, Typescript, Java, Scala, Go
Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
Knowledge of continuous delivery and Application Lifecycle Management tools(Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)

Language Skills