Senior Application Security Engineer

Summary

Join Degica, a leading cross-border payment gateway, as an Application Security Engineer. You will build and manage our application security program, integrating security into the SDLC and fostering a secure code culture. Responsibilities include developing security policies, conducting risk assessments, managing a bug bounty program, and guiding development teams on secure coding practices. The ideal candidate has at least 3 years of hands-on application security experience, familiarity with key security principles and technologies, and experience with vulnerability management and DevSecOps. Previous development experience is highly desirable. Degica offers a competitive salary and benefits package, including remote work flexibility and various paid time off options.

Requirements

• Proven experience in the application security domain, with a minimum of 3 years of hands-on experience
• Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
• Strong understanding of security principles and practices
• Familiarity with application security assessment tools
• Experience with end-to-end vulnerability management (e.g., SAST and DAST)
• Technical knowledge to understand vulnerability risk and remediation steps
• DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD)
• Familiar with security hardening standards and implementation

Responsibilities

• Build the Application Security Program
• Develop policies, procedures, and standards to safeguard our applications
• Conduct risk assessments and implement controls to mitigate security threats
• Help manage external pentesting required to meet regulatory compliance
• Integrate Security into the SDLC
• Implement and manage a Secure Software Development Life Cycle (SSDLC) process
• Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines
• Guide development teams in integrating security best practices
• Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers
• Foster a Secure Code Culture
• Promote application-security awareness and best practices across all teams
• Conduct code reviews and provide guidance on secure coding practices and secure software architecture
• Provide training and resources to development teams to ensure secure coding practices

Preferred Qualifications

• Working proficiency in Japanese is helpful but not necessary
• Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams
• Experience with building custom security tooling is a plus
• Cyber Security related certifications

Benefits

• Competitive salary and benefits package
• At Degica, we embrace remote work while also offering office space for those who prefer in-person collaboration
• 10 days regular vacation, additional 5 days summer and 5 days winter vacation
• Paid birthday holiday
• Budget for self-learning allowance, to ensure our employees’ skills remain current
• Language training for Japanese