Security Specialist_CISO Office

Responsibility

Money Forward is looking for Security Specialists for the CISO Office. The candidate will be involved in information security matters across Money Forward Group and is responsible especially for the following areas:

■Product Security

• Implementing and maintaining security guardrails for AWS / GCP environment
• In-house security consulting: providing technical advice or architecture reviews from the aspect of security to  developers
• Performing or assisting vulnerability assessments and penetration testing
• OSINT tasks such as collecting and verifying vulnerability information
• Involving in DevSecOps tasks such as developing security-related automation tools and scripts
• Implementing industry frameworks such as NIST CSF, CIS Controls, etc.

Qualifications

Technical skill

• Strong understanding of computer science, including networking, operating systems, data structures, cryptography, etc.
• Knowledge and experience in any of the following areas
  • Vulnerability assessment
  • Penetration testing or red teaming experience
  • Forensics, malware analysis, incident response, etc.
  • Cloud security
  • Experience in building and operating DevSecOps
  • Experience in building and operating security solutions such as WAF, IDS / IPS, SIEM, etc.

Soft skill

• English communication skills
• Ownership, teamwork skills, and communication skills
• Self-learning skills

Language Requirement

English: Business-Level, both verbal and written.
Japanese: Not required

Preferred skills and experience

Technical skill

• Development experience using any of the programming languages
• CTF experience
• Experience in bug hunting or CVE acquisition
• Certifications such as CISSP, CISM, OSCP, GCIH
• Strong understanding of authentication and authorization, e.g.OIDC, OAuth
• Experience in FISC or other security-related work in the financial or fintech industry

Technology Stack

• Web Server Side: Rails, Go
• Web Front End: React, Redux, webpack, TypeScript, Mocha, Jest
• Database: MySQL (Aurora)
• Infrastructure and middleware：AWS (ALB, EC2, RDS, S3, SQS, ElastiCache, EKS...) 
  GCP (BigQuery, Firebase, GKE)
  nginx, squid, memcached, kafka, logstash, filebeat, maxwell, kibana, elasticsearch,Fulentd envoy, Passenger, Puma, Unicorn, HAProxy, Docker Redis, Memcached

Tools used

• Biz platform: Marketo, SalesForce
• Repository management: GitHub
• CI/CD: CircleCI, bitrise, ArgoCD, CodeBuild, Github Action
• Development environment: Vagrant, Docker, Terraform Enterprise
• Monitoring: DataDog, Rollbar, Bugsnag, Sently, New Relic
• Communication: Slack
• Ticket management: Jira, asana, trello, backlog
• Security and automation: OWASP ZAP, Burp Suite, Sider (Brakeman), Snyk, Vaddy, Dockle, Trivy

Location, Work Style Policy (Work from office / Work from home)

• Location: Tokyo, Japan
• Hybrid Work
  • As a standard practice, a minimum of 2 days work from office attendance is mandatory, designated as team office days. Additionally, employees are encouraged to spend 3 or more days in the office.
  • The specific "team office days" may vary depending on the assigned team.
  • This policy may be subject to change based on the company's needs and work circumstances.

Relocation Support

• Working Visa
• Flight ticket to Japan
• Signing Bonus
• Temporary fully furnished apartment for the first month

Working hours

Flexible Working Hours (No core time)

Vacations

• Two days off per week (Saturday and Sunday)
• Japanese national holidays (16 national holidays in 2021)
• Paid holiday: 10 days (first year) *Number of paid holidays increases (+1 day) every year up to 20 days a year.
• Summer vacation days: 3 days
• Winter vacations days: 2 days

Benefit

• Health insurance
• Employee stock ownership plan
• Full transportation coverage
• The latest computer (No limit upgrade or purchase when needed for development is available upon approval.)
• Seminar participation support
• Book purchases
• Copyright of OSS belongs to individuals