Security Engineer｜Legal-tech Company

【About the Company】

The company's mission is to "make all contract risks controllable.
To achieve this, the company is currently developing the following businesses

【Business Description】
(1) Development and operation of AI contract review platform "LegalForce"
(2) Development and operation of AI contract management system "LegalForce Cabine"
(3) Operation of "Contract Watch," a contract-related information media

The company's economic activities consist of a variety of contracts, large and small, entered into by consumers and businesses.
At the same time, this means that "contract risks such as unfavorable terms and conditions and violations of laws and regulations are latent.

The company combines the latest technology with legal expertise to make contract risks visible and controllable.
To ensure that rights are properly protected and unforeseen events are prevented.
And to create a more prosperous and trusting economic society.

【Job Description】 

Officially released in April 2019, the company's contract review platform is growing at an astounding rate, with the number of companies that have installed it surpassing 2,500 (as of September 2022), and more and more companies are interested in using it.
In addition, the AI contract management system has received a lot of positive feedback since its official release in January 2021, and the number of companies that have installed the system has exceeded 600 (as of November 2022).

The CSIRT Section provides security technical support, security monitoring, and response to security incidents in the product and business system areas in order to prevent, detect early, and minimize damage from security incidents in the company. They are looking for a talented individual who can lead these measures.

【Responsibilities】
- Regular CSIRT operations such as vulnerability response support, security monitoring, and response to security incidents
- Promotion of the following projects for prevention, early detection, and damage minimization of security incidents
- Study and support implementation of CSPM for product environments
- Selection and implementation of XDR and MSS (Managed Security Service)
- Design and upgrade of monitoring and detection logic to enhance security measures

【Attractiveness of this position】
- You can discuss directly with developers on the product side and system staff on the business system side to consider security measures.
- The company's business system area is cloud-native and the system architecture is based on the ZTA concept, so it is possible to adopt and handle new ideas and solutions.
- You will be able to promote various measures with discretion.

【Working conditions & treatment】

Flextime System

・Full social insurance (health insurance, employee pension insurance, unemployment insurance, worker's compensation insurance)
・Subsidy for meal, water server
・Subsidy for language learning
・Subsidy for purchasing technical books
・Subsidy for influenza vaccination
・No smoking indoors (smoking room available in the building)
・Various in-house clubs available
・Lawyers' association fee subsidy (40,000 yen per month)
・Second job allowed (permission required)

・Saturday/Sunday/National Holiday
・Annual Paid Leave
・New Year Holiday)
・Parental Leave
・Nursing Care Leave
・Congratulations & Condolence Leave
・Others

Required
- Project Management
- Security Incident Response
- Security Monitoring
- Vulnerability Response Support
- Threat modeling and analysis based on MITRE ATT&CK, STRIDE, etc.
- Design of security response flow
- Development of security detection logic
- Selection, implementation and operation of security products and services such as XDR, MSS, SIEM, CSPM, etc.
- Installation and operation of network security measures such as FW, IDS/IPS, WAF, SWG/CASB, etc.

Preferred
- Experience managing members (1-5 people)
- Recruitment and training of team members
- Knowledge and experience in advanced incident response, including malware analysis and digital forensics
- Use of vulnerability assessment for web applications, platform assessment for OS and middleware, penetration testing, RedTeam, etc.
- Implementation of security measures for software development process
- System construction and operation using cloud environments such as AWS, GCP, etc.
- Management of external contractors
- English reading & writing skills (business level)

Ideal Applicants
- Able to plan and develop security strategies based on the results of security risk assessments
- Able to manage projects based on an understanding of the strengths and skills of project members
- Able to take the technical lead on security for each project
- Able to communicate smoothly with internal stakeholders
- Have technological curiosity and be able to catch up with new technologies on one's own