外資系生命保険会社でのIT Security Engineerの求人

【Job Function Overview】

Our Insurance is searching for an experienced IT Security engineer to execute IT Security functions for the Japan business unit. Located in Tokyo, reporting to the chapter lead of application security, the role will require in-depth understanding and experience with IT Security principles, technologies and best practices.


The Successful candidate will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex cyber challenges, and communicating to all levels of the business, domestic and international locations. The candidate requires experience in multiple fields as an IT security professional to lead and execute various IT security activities. Managed security services are provided from our Group and interaction with security counterparts from other business units will be required. In this position, you will utilize your cybersecurity expertise to serve as a trusted advisor to address increasingly complex and rapidly changing cybersecurity issues.

【Position Summary】

Responsibilities:

The Application Security Engineer is a key role with responsibility for supporting the secure delivery and maintenance of business applications and infrastructure equipment. Collaboration with other partners within IT and the business to achieve the desired security posture is required to find the right balance between business and security. The role requires to work with people at all levels domestic and international.

The role will include:

Designing and implementing security standards, policy guidelines, and appropriate architectural principles for the continued achievement of cybersecurity objectives to ensure the firm’s cyber security goals continue to be met
Overseeing and driving the delivery of cyber security projects in line with the our Group cyber resilience plan and our Group’s Cyber Security roadmap
Collaborating and cooperating with the IT Security teams of our Group IT / our International
Updating and reviewing operational documentation to reflect changes in the security landscape
Collaborating with development and operations teams to ensure security is considered at every stage of the software development lifecycle
Maintaining SAST/DAST tools integrated into the build and deployment processes
Implementing and managing IT security products
Collecting, analyzing and visualizing information related to IT security
Communicating security risks and recommendations to technical and non-technical stakeholders and conducting internal training, workshops, and information dissemination on IT security
The Application Security Engineer is a hands-on position who will engage in development and execution tasks. This position will work closely with other co-workers within the IT area and the business from other divisions.

【Skills, Knowledge, Experience】

Mandatory

Business-level Japanese language skills
Business-level English language skills
Professional experience with at least 3 years specializing in integrating security practices and tools into the DevOps CI/CD pipelines
Development and maintenance of scripts and tools to automate security testing and compliance checks
Demonstrable understanding of security solutions and designs from a people, process and technology perspective; including security technologies, controls and assessment methodologies.
Knowledge of established information security frameworks and standards (ie NIST, CIS etc.) and their application into diverse environments
Extensive knowledge of IT security technology systems
Experience in building and operating hybrid IT infrastructure (servers, networks, office automation systems, etc.)
Preferred

Strong understanding of DevOps principles, CI/CD pipelines, and automation tools (e.g., GitLab, Azure DevOps)
Experience in managing security controls in Kubernetes and containerized environments
Experience in IT auditing or IT risk assessment
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar certifications or credentials
Knowledge and understanding of relevant legal and regulatory requirements in Japan
Up-to-date knowledge of methodologies and trends in IT Security
Cyber risk governance processes and metrics
Security Information and Event Monitoring solutions
Threat Intelligence Platform’s
Application and Network Penetration Testing Methodologies using Red Team tools
Data loss prevention technologies
Platforms security including windows desktop and server environments UNIX, Linux
Third party and supply chain risk security processes
Website development and operation experience
【Personal Attributes】

Passion for cybersecurity and a commitment to staying current with the latest advancements
Excellent problem-solving skills and attention to detail
Energetic and positive attitude; can multitask. dynamic and flexible
Ability to challenge, with high levels of ownership Ability to deal with conflicting situations
Ability to work independently in a timely manner
Strong communication skills and the ability to communicate appropriately
Strong relationship building and interpersonal skills with the ability to work with stakeholders
Handles well in high stress situations and tight timelines
Team Player