TECH-IT-103-Product Security Engineer (Leader)

Salary: 800 - 1500 million yen

GCP, Azure, AWS
English: Intermediate; Japanese: Fluent

Minimum year of experience: 5

LegalOn Technologies

Product Security Engineer (Leader)

Description

This is a senior/lead security engineer role responsible for product security within a global AI-driven organization. You will lead product security strategies to support the reliability of AI products on a global scale, addressing new threats and attack models specific to AI, and driving best practices in the era of AI products. This is a growth opportunity to have a significant impact on the organization's expansion.

Responsibilities

The scope includes responsibility over group companies and their products, including product security incident response activities (PSIRT).

Note: You may be required to respond to critical security alerts or security incidents at night or on weekends.

Specific responsibilities include:

  • Strengthening Security Measures in Development and Product Environments

    • Design and implementation of automated security (e.g., SAST/DAST/SCA) for DevSecOps, improving security without slowing down development.
    • Creation and implementation of secure coding guidelines for AI-native development.
    • Establishment and implementation of security baselines for product environments.
    • Conducting threat modeling and architecture reviews.
    • Definition and design of security control requirements for AI agents.
    • Development, implementation, and delivery of security diagnostics for web apps, APIs, AI (LLM), and platforms.
    • Collection, analysis, and management of vulnerability information.
    • Conducting security training for product teams.
  • Product Security Monitoring and Incident Response

    • Developing and updating security incident response plans.
    • Building and maintaining incident response frameworks.
    • Security monitoring design (detection logic, alerts) for product environments.
    • Monitoring security alerts and executing initial responses.
    • Conducting security investigations and forensics.
    • Collaborating with external stakeholders (e.g., security vendors).
    • Notifications and reporting.
    • Reviewing incident responses and considering recurrence prevention.
    • Managing incident records and promoting continuous improvement.
    • Conducting security incident response drills.
  • Development Environment / Tools

Requirements

  • Experience with SAST, DAST, SCA implementation and operations.
  • Experience developing and operating web application software.
  • Technical security risk assessment experience (e.g., penetration testing, TLPT, red teaming).
  • Business level English proficiency.

Preferred Profile

  • Ability to balance business acceleration with security by understanding product value and development speed.
  • Able to organize technical challenges/risks and drive actionable improvements with development teams.
  • Proactive in defining issues and leading operational improvements, even in uncertain circumstances.
  • Strong interest in security for emerging technology areas like AI, and a drive for continual learning.
  • Able to collaborate constructively with a variety of stakeholders (developers, product managers, executives). Internal communication is primarily in Japanese, but English-native stakeholders are also present.
  • Able to remain calm and make sound decisions under pressure (e.g., during incidents or outages).
  • Skilled in gap analysis and optimizing/enhancing current operations.

Working Conditions

Salary

  • 8M–15M JPY (based on experience and skills)

Location

  • Shibuya, Tokyo (on-site; full remote not available)

Job Type

  • Full-time, permanent position

Working Hours

  • Flex time with no core time, or discretionary labor system
  • Overtime required as needed
  • 1-hour break

Probation Period

  • Yes (3 months)

Benefits

  • 120+ annual holidays, full 2-day weekends (Sat/Sun), public holidays
  • Leave: year-end/New Year holidays, paid leave granted upon joining, special leave (sick, work-life balance, birthday), prenatal/postnatal leave, childcare/care leave, condolence leave
  • Social insurance coverage (health, pension, unemployment, labor accident)
  • AI tools provided (ChatGPT Enterprise, Notion AI, Gemini for Google Workspace, NotebookLM, Slack AI)
  • Access to dev support tools (Claude Code, Cursor, GitHub Copilot, Devin, Codex, Figma AI)
  • Personal development budget
  • Language learning support
  • Employee stock ownership plan
  • Flu shot subsidy
  • No smoking indoors (smoking room available in the building)
  • Side jobs allowed (with permission)
  • "Eruboshi" certification for women's workforce empowerment