Product Security Engineer - Legal Tech

This is a leadership candidate/senior security engineer position responsible for security-related operations in our product domain. This is a position with great growth opportunities where you can drive the company's growth by leading the product security strategy that supports the reliability of our globally deployed AI products and by working on new best practices for product security in the AI ​​era, such as considering countermeasures against new threats and attack models unique to AI products.

[Job Details] The scope of work will be the entire group company, and the areas related to their products and development, and you will be responsible for multiple tasks related to PSIRT activities. Specifically, the following tasks will be involved.

*Please note that in the event of a critical security alert or security incident, night and weekend support may be required. - Strengthening security measures in development processes and product environments - Based on the secure-by-design principle, design and implement mechanisms (automated security such as SAST/DAST/SCA necessary for promoting DevSecOps) to continuously improve the level of security measures in development processes and product environments without slowing down business speed - Formulate and implement secure coding guidelines suitable for AI native development - Establish and implement security baselines for product environments - Conduct threat modeling and architecture reviews - Define and design security control requirements for AI agents - Build, implement, and provide security assessments for web applications, APIs, AI (LLM), platforms, etc. in the product domain - Collect, analyze, and manage vulnerability information - Conduct security education for product personnel, product security monitoring, and incident response - Establish and update security incident response plans - Establish a system for security incident response - Design security monitoring in the product domain (detection logic, alert design, etc.) - Monitor security alerts related to products and implement initial response - Conduct security investigations and forensics - Collaborate with external stakeholders such as security vendors - Notification and reporting - Conduct review of security incident response and consider measures to prevent recurrence - Incident record management, review, and improvement planning - Implementation of security incident response training [Development environment / Tools used]

・5+ years of practical experience in security engineering in product environments
・3+ years of practical experience in designing and conducting security assessments, such as vulnerability assessments, in product environments
・Practical experience in threat modeling and security architecture review
・Understanding of security risks specific to AI native development, AI native products, and AI agents ・Experience in building security incident response processes and responding to incidents
・Experience in organizing security issues and promoting improvements in collaboration with stakeholders such as development teams
・Experience in security design and operation in cloud environments (GCP, Azure, AWS, etc.)
・Project lead or management experience ・Business level Japanese proficiency ・Conversational level English proficiency