Japan's Premier Provider of Executive Search

Security Engineer Tokyo


01-16 Security Engineer/セキュリティーエンジニア


Professional Services & Consulting

8-11 million
 Maintaining the confidentiality, availability, and integrity of our clients and our company KPMG Ignition Tokyo (KIT) information is crucial. We are seeking an experienced Security Engineer to support the continuous integration and continuous deployment activities of multiple DevOps teams. Following a DevOps / Agile methodology, our teams design, develop, and deploy cloud based solutions with high security requirements and compliance standards.

1. Define security requirements within the cloud environment around automation CI / CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics.
2. Assistant application security testing and code reviews.
3. Performing security reviews, identifying gaps in security architecture and design
4. Creating security policies and standards
5. Review and design application security controls
6 Researching information security standards; conducting system security and vulnerability analyzes and risk assessments
7. Develop secure coding policies, procedures and standards
8. Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
1. 3+ years of experience in security related fields, such as Security Engineer / Consultants, System Administrators, DevOps, etc.
2. Knowledge of Agile methodology
3. Vulnerability management and good knowledge on performing vulnerability tests
4. Solid understanding of public cloud (Azure, AWS, GCS)
5. Technical knowledge of secure engineering principles
6. Application security assessments (source code and dynamic)
7. Working knowledge of vulnerability / compliance, patch management, anti-malware, APT, identity and access control management tool sets
8. Experience with third party tools (eg Azure Security Center / Sentinel) to analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, day-zero vulnerabilities, Metasploit, and breaches
9. Understanding of application threat modeling and SDLC security practices
10. Experience integrating automated security tools into CI / CD pipeline
11. Proven working experience within software development industry
12. Excellent interpersonal and communication
13. Proven working experience in conducting DevSecOps in an agile work environment
14. Hands-on development experience with at least one of the following programming languages: C, C ++, C #, Java, Scala, Swift, Go, Clojure, Python, R
15. Proven working experience with DevOps Container / Orchestration Tools (Ie: Docker, Kubernetes, Etc.)
16. Knowledge of continuous delivery and application lifecycle management tools (Jenkins, Bamboo, JIRA, the SVN, Git, Nexus, Etc.)
17. English - Business level or Higher level
18. Japanese communication skills helpful but not necessary
1, Certified Information Security Auditor (CISM) or equivalent (CISSP, CISA, GIAC, etc.)
2. Certified Ethical Hacker (CEH) or equivalent (LPT, CEPT, GIAC Penetration Tester, etc.)
1. Certifications Certificate of Cloud Security Knowledge (CCSK) or equivalent (CCSP, Azure, AWS, GCP, etc.)
2. Offensive Security Certified Professional (OSCP) or equivalent (OSCE, etc.)

1. Passionate about discovering and applying new technologies, ideas and unique solutions to complex and transformational business problems.
2. Creative, yet disciplined in their approach and constantly engaged in learning new things
3. High level of discipline and a structured approach for documenting and managing own work
4. Self-Motivator and possess the communication skills and character to constantly engage with a fast-paced, always changing team.