English only | Mobile Application & Security Lead

A leading US based BNPL is looking for a highly experienced App & Mobile Security Lead to drive and strengthen application, mobile, and cloud security initiatives across its fintech platform and engineering ecosystem.

This is a highly technical leadership role requiring deep expertise in mobile security, application security, cloud security, and DevSecOps practices. The successful candidate will collaborate closely with engineering, platform, compliance, and global security stakeholders to build scalable security controls, improve secure development practices, and proactively defend against modern threats including AI-driven attack vectors and mobile payment fraud.

Responsibilities:
- Define and maintain security standards for mobile apps, APIs, backend systems, and SDLC processes
- Lead application and mobile security architecture for authentication, data protection, and secure system design
- Conduct threat modeling to identify and reduce security risks
- Work closely with engineering teams to implement secure and user-friendly solutions
- Manage API and authentication security including REST, GraphQL, and OAuth2.
- Design and manage automated security testing within CI/CD pipelines
- Integrate security checks into GitHub and CircleCI workflows for early vulnerability detection
- Develop security automation tools to improve efficiency and reduce manual work
- Lead container and runtime security scanning across application and mobile environments
- Manage the full vulnerability management process including risk assessment, remediation, and validation
- Monitor emerging application, mobile, API, and AI-related security threats
- Support prevention and mitigation of AI-driven attacks, fraud, and platform abuse risks
- Communicate security risks and remediation priorities to technical teams and management
- Support security audit and compliance activities including SOC2, ISO27001, APPI, and Japanese regulatory requirements
- Maintain application security standards, secure coding policies, and governance frameworks
- Work with internal and external audit teams on evidence collection, control reviews, and remediation tracking
- Guide engineering teams on secure coding, mobile security, and secure development practices
- Use scripting, automation, and AI tools to improve security operations and reporting
- Conduct security awareness and training programs for application and mobile engineering teams


Why should you apply:
- Diversified team with 230+ colleagues from 35+ countries 
- Exciting work opportunities in a rapid-growing organization 
- Cross-functional collaboration 
- Hybrid remote work model - minimum 2 times in office per week (subject to change at company discretion) 
- Competitive salary and benefits 

Company Details: 
The company is Japan’s pioneer and leading provider of Buy Now, Pay Later (BNPL) services, focused on delivering simple, seamless, and secure payment experiences that make shopping effortless and enjoyable.
It leverages proprietary technology, advanced data analytics, and machine learning to underwrite transactions in real time — providing instant credit decisions and guaranteeing payments to merchants. Through its innovative approach, the company helps partners increase conversion rates, reduce incomplete transactions, and drive repeat purchases. Now part of a global digital payments group, the company continues to operate independently under its own brand, maintaining a strong commitment to innovation, reliability, and customer-centric design.
The organization continues to evolve its technology to make shopping easier and more engaging — both online and offline. It offers IT professionals the opportunity to build scalable systems, develop cutting-edge financial technologies, and help shape the future of digital payments in Japan.

Working Hours: 9:00 - 18:00 (Mon-Fri)
Work Style: Hybrid (2 days in office)
Holidays: Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
Interview process:  4 ~ 5 rounds of interview 

Required Skills:
- 5+ years of experience in Application Security, Mobile Security, or DevSecOps
- Strong hands-on experience in Android/iOS security and mobile application hardening
- Experience implementing SAST, SCA, DAST, and other security tools in CI/CD environments
- Experience securing AWS cloud and cloud-native applications
- Strong knowledge of OAuth2, API security, REST, and GraphQL
- Experience with Docker, Terraform, container security, and IaC security validation
- Programming experience in languages such as Python, Java, Scala, or Rust
- Experience using AI tools for security automation and workflows