Senior Security Engineer
About the role
We are looking for a Senior Security Engineer with strong crypto and Web3 domain knowledge to join our Engineering team. You will be part of a collaborative team with a presence in Tokyo (Shibuya). Reporting directly to the Director of Engineering, you will own the security posture of our products and infrastructure from end to end, spanning application security, cloud and Kubernetes environments, smart contract security, security operations, and compliance. This is a high-impact role based in our Tokyo office (or remote) where you will work closely with our DevOps and Engineering teams across an AWS-native, containerized stack, and help us stay ahead of the rapidly evolving, AI-accelerated threat landscape in the crypto and Web3 space.
Key responsibilities
- Lead the design and implementation of security controls across AWS, EKS/Kubernetes, CI/CD (Jenkins, GitHub Actions, ArgoCD), and AI/agentic engineering workflows.
- Own threat modelling, risk assessments, and security architecture reviews across infrastructure, applications, and AI-driven systems.
- Drive vulnerability management end-to-end — including code, infrastructure, and AI-generated artifacts — using tools such as NewRelic, Bugsnag, and security scanners.
- Define and enforce secure coding and AI usage standards, including guardrails for LLMs, copilots, and automated workflows.
- Build and operate security monitoring, alerting, and incident response capabilities, including detection and handling of AI/agent-related risks.
- Evaluate and manage security and AI tooling (SAST/DAST, SIEM, EDR, secrets management), ensuring least-privilege access and secure integrations.
- Harden infrastructure and data layers (Terraform, IAM, VPC, Cloudflare, Cassandra, Kafka, Redis), including protections against unauthorized or automated actions.
- Drive compliance (SOC 2, ISO 27001) with a focus on auditability, data protection, and governance of AI systems.
- Act as a security leader — educating teams, shaping best practices, and staying ahead of threats across AI, cloud, and Web3 (smart contracts, key management, bridges).
- Partner with blockchain/product teams to mitigate risks in decentralized systems.
Requirements
We're looking for someone with hands-on experience across both offensive and defensive security disciplines:
- 5–8 years in security engineering across application, cloud, and infrastructure security.
- Strong understanding of crypto/Web3 security (smart contracts, wallet/key management, blockchain attack vectors).
- Deep hands-on experience securing AWS (IAM, VPC, EKS, S3, EC2) and Kubernetes environments.
- Proficiency in AppSec (OWASP Top 10, secure SDLC, code reviews) and common security tooling (SAST/DAST, SIEM, secrets management).
- Solid foundation in network security, cryptography, and auth protocols (OAuth, SAML, MFA).
- Experience with incident response, threat modelling, and frameworks like MITRE ATT&CK.
- Familiarity with compliance standards (SOC 2, ISO 27001, NIST, GDPR).
- Strong communication skills and ability to operate autonomously.
- Interest in or experience working in APAC/Japan (nice to have).
Nice to have
- Certifications (CISSP, OSCP, AWS Security, etc.).
- DevSecOps experience and CI/CD security integration.
- Experience with Cloudflare, service mesh (Istio), or microservices security.
- Background in software engineering (Java, Rust, TypeScript).
- Smart contract auditing or Web3 tooling (Slither, MythX, Certora, on-chain monitoring).
- Experience building or scaling a security function.
- Professional fluency in Japanese.
What we offer
- A high-impact, senior-level role with direct visibility to engineering and company leadership.
- Ownership over a broad, challenging security mandate with room to shape strategy.
- Collaborative and engineering-first culture that values security as a core competency.
- Opportunities for professional development, certifications, and conference attendance.