Job description

Tech

Senior Risk Reduction Engineer_EN [24a-005]

Job duties

KPMG Ignition Tokyo (KIT) collaborates with KPMG Global and KPMG Japan member firms to create a common platform and solutions to support the digital transformation of client companies.

At KPMG Ignition Tokyo (KIT), experts in advanced technologies such as cloud, AI, blockchain, and IoT, as well as experts in various digital fields such as data science, data visualization, cloud architecture, and system security, gather from all over Japan and the world. As a "technological" hub for KPMG Japan, we are developing digital platform technology that can be shared with KPMG Japan's audit, tax, advisory and other service operations, as well as supporting the digital transformation of KPMG Japan and our client companies.

---------------
KPMG Japan is a collective term for KPMG International's member firms in Japan, with approximately 9,000 employees in eight professional firms covering the three areas of auditing, taxation and advisory.
KPMG firms operate in 145 countries and territories with more than 236,000 partners and employees working in member firms around the world.

***************************

The Team:
The Risk Reduction Engineering (RRE) team is tasked with "de-risking" the services we deliver through the process of identifying both Design and Implementation defects.
These defects are shepherded to their solutions with guidance from RRE.

Job Description/Mission
- Help define and support secure continuous delivery approaches including tools and automated processes
- Help define security requirements within the cloud environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics
- Assist with application security testing and code reviews
- Perform security reviews, identifying gaps in secure architecture and design
- Co-create security policies and standards
- Review and design application security controls
- Research information security standards for adoption
- Develop secure coding policies, procedures and standards
- Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
 
Qualifications

How many years of experience in this role
7~15 years

Qualifications, Experience, skills, knowledge
[MUST]
・ 7+ years of experience in security-related fields, such as Secure Engineering/Consulting, Security Operations Center Administration, DevOps.
・ 2+ years of experience in leading security-related teams/projects
・ Strong vulnerability pen testing skills; OSCP, CEH a plus.
・ Knowledge of Agile methodology
・ Vulnerability management skills
・ Solid understanding of public cloud (Azure, AWS, GCS, etc)
・ Practical application of secure engineering principles
・ Practical experience with SAST and DAST tools and workflows
・ Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity and access control management toolsets
・ Experience with third party tools (e.g. Splunk, Elasticsearch, etc.) to analyze systems and audit logs to identify anomalies, threats, potential vulnerabilities, configuration errors, zero-days, and breaches
・ Threat modeling

[Nice to have]
・ Experience integrating automated security tools into CI/CD pipeline
・ Proven working experience within software development industry
・ Excellent interpersonal and communication skills
・ Proven working experience in conducting DevSecOps in an agile work environment
・ Hands-on development experience with at least *one* of the following programming languages: Python, TypeScript, Java, Scala, Go
・ Proven working experience with DevOps container/orchestration tools (e.g. Docker, Kubernetes, etc.)
・ Knowledge of continuous delivery and Application Lifecycle Management tools (Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)


Profile:
We are looking for a person with strong interpersonal/communication skills, although language is not the most important part.
It's about "communicating", which means building mutual trust, having a lot of patience in helping teams understand security problems, and being kind when mistakes are made.
We also want someone who is confident in their engineering skills because they know they are good (and we better ensure that's the case).
The person has a strong "what if" mentality and is able to really prove the "why's".

Language Skills
・Japanese: N2 and up Japanese skills desirable
・English: Business level or above
 
Salary & Benefits

Details to be discussed at the final stage.

【Working time】
Standard working hours 9:15-17:15 (prescribed working hours 7 hours, break time 1 hour)

【Treatment・Welfare・Benefit】
Commute allowance, Health Insurance, Welfare pension insurance, Employment insurance, Worker's accident insurance, retirement package, Health insurance association cafeteria Plan, etc.

【OFF/Vacation】
・Paid leave: 15〜25 days/Year
(Paid leave is granted from Day 1: in the first fiscal year, it is granted proportionally according to the joining date)
(Paid leave used ratio: more than 90%)
・Days off: 120 days or more/Year
・2 days off (Sat, Sun)/Week, National Holidays, Year-end and New Year (12/29-1/4), Congratulations and condolences vacation, Special Vacation

 
Location

KPMG Ignition TOKYO
Otemachi Chiyoda-ku Tokyo
Access
(Direct Connection from MARUNOUCHI line Otemachi Sta)

- Depending on your task, you may work at other KPMG sites.
- We offer a hybrid working style.