CrawlJobs Logo
Randstad Logo Randstad · IT - Software Development

Senior Application Security (AppSec) Engineer

Japan, 東京23区 10000000.00 - 16000000.00 JPY / Year · Job Posted April 29, 2026
Apply Position
Job Link Share

Job Responsibility

  • Flexible working style: Flex-time and hybrid working style
  • English & Japanese Useage: This position regularly coordinates with overseas stakeholders, and would be a great opportunity to utilize your English and Japanese abilities on a regular basis
  • Global Tech Environment: Support a diverse team in a industry-leading global company

Requirements

  • 3+ years of experience in the applications security (AppSec) domain, including hands-on experience in code analysis, threat modelling, and an understanding of pentesting
  • Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
  • Strong communication skills and confidence to work closely with leads, senior devs, and the CTO, while being mature enough to handle reasonable pushbacks
  • Experience building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD)

What we offer

  • 健康保険
  • 厚生年金保険
  • 雇用保険
  • 土曜日
  • 日曜日
  • 祝日
Randstad - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Senior Application Security (AppSec) Engineer

8 matching positions

Senior Application Security Engineer

We're hiring a Senior Application Security Engineer to join a small, high-levera...
Location
Location
United States , Remote
Salary
Salary:
180000.00 - 210000.00 USD / Year
qualia.com Logo
Qualia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in application security, offensive security, or security engineering, with demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security
  • Strong offensive skills - you can manually exploit real web and API vulnerabilities beyond what a scanner will find, and you can teach others to do the same
  • Deep familiarity with building and operating security tooling in a modern engineering org: SAST/DAST/SCA pipelines, custom detection rules, secrets scanning, and CI/CD security gates. You've written tooling, not just configured it
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar)
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar)
  • Clear, direct communication style. You can make a sharp technical argument to senior engineers, translate risk into business terms for leadership, and write a bug report an engineer actually wants to fix
  • Strong partnership instincts - you get leverage by making other teams faster, not by blocking them
Job Responsibility
Job Responsibility
  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together. Build the custom rules, detections, and automation that generic tooling doesn't give us
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries
  • build automation and guardrails that prevent the same class of issue from recurring
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security)
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts
What we offer
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • a variety of internal virtual events to keep employees connected
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

This is one of our most critical roles, and it’s the first dedicated AppSec hire...
Location
Location
Netherlands , Amsterdam
Salary
Salary:
Not provided
wetravel.com Logo
WeTravel
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience securing SaaS product environments
  • Experience in cloud native and containerized environments
  • Strong CI/CD experience
  • Ability to read and review code (you do not need to write application code for us day to day)
  • Experience working with software engineers
  • Hands on security engineering experience with strong ownership and delivery
Job Responsibility
Job Responsibility
  • Work closely with the Platform team to improve security across infrastructure
  • Work closely with product engineering teams to analyze code for vulnerabilities
  • Build CI/CD automation to find security issues automatically
  • Analyze what we have today, find gaps, take ownership, and execute on improvements
  • Help shift engineering mindset to be more security focused, without blocking development
What we offer
What we offer
  • Competitive salary
  • Generous "Time to Recharge" policy — enjoy unlimited paid time off to rest, recharge, and show up as your best self
  • Work remotely for a maximum of 4 weeks per calendar year
  • 2-week cross-functional onboarding program
  • Cycle-to-work scheme (Swapfiets subscription) or commuting reimbursement
  • Tuesday team lunches and after-work social events
  • Beautiful office in central Amsterdam – rooftop garden and right by Rokin metro
  • Extensive paid family leave
  • Three paid volunteer days per year — take time to give back to causes you care about, on us
  • Cutting-edge equipment and tools to set you up for success
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

In your role as a Senior Application Security Engineer, you are responsible for ...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
resmed.com Logo
ResMed
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in computer science or related field
  • Minimum of 5 years of experience in application security, software development, or related field
  • Expertise in Securing Software Development Lifecycles
  • Expertise in one or more high-level programming languages, e.g., Java, C#, Python, etc.
  • Expertise in application-level attacks and defenses, e.g., OWASP Top 10, SANS Top 25, etc.
  • Experience with AI application security concepts e.g. OWASP Top 10 for LLM applications, etc.
  • Experience with AppSec tooling such as SAST, DAST, IAST, RASP, etc.
  • Experience working with DevOps, Agile, Scrum, Kanban methodologies
  • Experience with AWS cloud services such as WAF, EC2, S3, Lambda, VPC, CloudWatch, CloudTrail, EKS, ECS, KMS, IAM, RDS
Job Responsibility
Job Responsibility
  • Enable development teams to develop secure applications
  • Operation and support of code scanning tools, e.g., Wiz and Checkmarx
  • Supporting development teams to triage findings and enable self-service
  • Ensuring code scanning tools integrate seamlessly into the current software development lifecycle with minimal friction e.g. Github actions as a part of existing shared CICD workflows
  • Oversee the design, implementation, and management of the infrastructure and tooling necessary to support all security aspects of continuous integration, continuous delivery, and continuous deployment (CI/CD) pipelines
  • Collaborate with key stakeholders to identify opportunities for automation, process improvement, and tool optimization
  • Research and implement new technologies to improve and grow secure development (e.g. applications, systems, outsources services)
  • Maintain operational guidelines, diagrams, and documentation for secure development
  • Work closely with the developer experience team to integrate security automation into the development process
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

Our team is growing and we're hiring a Senior Application Security Engineer to j...
Location
Location
United States
Salary
Salary:
Not provided
canarytechnologies.com Logo
Canary Technologies
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
  • Excellent communication and teamwork abilities
  • Strong experience integrating security into modern SDLC pipelines
  • Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
  • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
  • Familiarity with AWS/Kubernetes security
  • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
  • Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity
  • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
  • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
Job Responsibility
Job Responsibility
  • Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
  • Partner with developers on new features and systems to identify risks early in the lifecycle
  • Implement best practices for secrets handling, API authentication/authorization, and data protection
  • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
  • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
  • Implement monitoring, alerting, and remediation for security incidents across our platform
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows
What we offer
What we offer
  • Canary Days: company wide days off each month
  • Self Improvement Club: budget for personal goals
  • Professional Development Chats: budget for cross functional professional development
  • Travel Reimbursement: stipend for visiting offices in New York, San Francisco or Dallas
  • Personal Travel Reimbursement: credit for staying at a hotel that Canary works with
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

As an Application Security - Senior Product Security Engineer, you will play a c...
Location
Location
United States
Salary
Salary:
157000.00 - 216000.00 USD / Year
alpha-sense.com Logo
AlphaSense
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Application or Product Security, preferably in a SaaS or cloud-native environment
  • Strong understanding of web app and API security, microservices, and containerized architectures
  • Experience integrating security tooling into modern CI/CD workflows
  • Proficiency with SAST, DAST, IaC scanning, and container security platforms
  • Skilled in secure coding and code review for at least one major language (Python, Java, Go, JavaScript)
  • Familiarity with AWS security, Kubernetes security, and DevSecOps best practices
Job Responsibility
Job Responsibility
  • Lead application security initiatives across all SaaS products and microservices
  • Conduct threat modeling, architecture reviews, and secure code assessments for both backend and frontend systems
  • Implement and manage security automation in CI/CD, integrating SAST, DAST, SCA, and container image scanning tools
  • Collaborate with engineering teams to triage, prioritize, and remediate vulnerabilities across applications and containerized workloads
  • Drive AppSec awareness and training, developing secure coding practices and guidelines
  • Evaluate and deploy container security controls, ensuring images and orchestrators (Kubernetes, ECS, etc.) follow best practices
  • Support bug bounty and vulnerability disclosure programs and coordinate penetration testing
  • Stay ahead of emerging application and container threats, and recommend preventive controls aligned with OWASP and CIS benchmarks
What we offer
What we offer
  • Competitive compensation, benefits, and career growth opportunities
  • Opportunity to shape and drive product security strategy
  • Collaborative and security-minded engineering culture
  • Work on cutting-edge security challenges in a fast-growing company
  • Performance-based bonus
  • Equity
  • Generous benefits program
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

As a Senior Security Engineer on the Application Security team at OutSystems, yo...
Location
Location
Portugal , Lisbon
Salary
Salary:
Not provided
outsystems.com Logo
OutSystems
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience in application security within modern, cloud-native environments
  • Strong foundation in AppSec fundamentals, including secure design, threat modeling, vulnerability triage, and remediation
  • Ability to independently deliver moderately complex security work end to end
  • Comfortable working across application, cloud, and platform security within a defined scope
  • Ability to write, understand, and review code, including building security automation and validating AI- or low-code-generated solutions
  • Hands-on experience with AWS (required), Kubernetes, and microservices
  • Clear understanding of penetration testing, red teaming, and purple teaming, and when to apply each
Job Responsibility
Job Responsibility
  • Independently drive security work across all phases of the SDLC, from early design and threat modeling through implementation, testing, and release
  • Own delivery of moderately complex security projects or features, adjusting standard approaches as needed to achieve the intended outcome
  • Partner with engineering and platform teams to secure AI-powered and agentic capabilities, ensuring security considerations are built in early rather than bolted on later
  • Conduct focused security assessments of applications, APIs, internal services, and platform components using the appropriate depth and methodology for the risk
  • Contribute to the development and adoption of secure-by-default patterns, guardrails, and paved roads that scale security without increasing friction
  • Operate and improve security tooling by tuning signal quality, reducing noise, and identifying opportunities to improve effectiveness
  • Build or extend security tooling and automation to eliminate manual or repetitive work
  • Clearly communicate risks, tradeoffs, and recommendations to engineering partners in a way that supports informed decision-making
  • Proactively identify gaps or inefficiencies in security processes and suggest practical improvements aligned with team goals
  • Mentor junior engineers and new hires, helping them ramp up effectively and understand how Product Security operates at OutSystems
What we offer
What we offer
  • A company that is always growing, changing, and innovating
  • Real career opportunities
  • Work colleagues that are as smart, hard-working, and driven as you
  • Disrupting the status quo is in our DNA
  • We ask “why” a lot
  • Inclusive culture of diversity
  • Fulltime
Read More
Arrow Right

Senior Platform Security Engineer

We are looking for a security-minded engineer to join our Tech Foundations team....
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
multiverse.io Logo
Multiverse
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A "Builder" Mindset: strong coding and scripting skills (e.g., Python, TypeScript/Node) and a passion for automating everything
  • Cloud & Infrastructure Experience: experience building and securing modern cloud-native infrastructure, including CI/CD pipelines (like GitHub Actions), cloud environments (AWS/Azure), and Infrastructure as Code (like Terraform)
  • Application Security Knowledge: solid understanding of the AppSec landscape and practical experience integrating tools (SAST, DAST, SCA) into developer workflows
  • A Collaborative Partner: excellent communication skills, enjoy collaborating with engineering teams and translating complex security concepts into clear guidance
  • Observability-Driven: experience using security and monitoring platforms (like Datadog) to detect and respond to threats
Job Responsibility
Job Responsibility
  • Architect Secure Foundations: help the platform team to own the security of our developer platform, including designing, building, and maintaining security controls and services within our CI/CD pipelines
  • Secure Our Infrastructure as Code (IaC): Partner with your Platform teammates to be the subject matter expert for securing our Terraform modules and cloud environments (AWS, Azure), focusing on preventing misconfigurations before they're deployed
  • Incident Response and Operations: Participate in the team's on-call rotation, including out-of-hours coverage to support platform availability and security, assist in troubleshooting critical issues, lead the response for security-specific incidents, drive post-mortems focused on learning and preventing recurrence
  • Build a Secure "Paved Road": Seamlessly integrate and orchestrate security testing (SAST, DAST, SCA, container scanning) into developer workflows
  • Enable Vulnerability Remediation: Develop tools and processes to help engineering teams triage, prioritise, and remediate vulnerabilities
  • Implement Platform-Level Detection: Leverage our cloud security and observability platforms to build robust, automated threat detection and response capabilities for the platform itself
  • Be a Security Partner: In partnership with Infosec team, act as a primary security consultants for our developers, provide expert guidance on secure coding (Elixir, TypeScript/Node, Python), secret management, and securing our event-driven architecture and AI services
  • Govern Emerging Technologies: Help architect and implement our AI Management System, ensuring our innovative AI services are built on a secure foundation that meets governance standards like ISO42001
What we offer
What we offer
  • Time off - 27 days holiday, plus 5 additional days off: 1 life event day, 2 volunteer days, 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year
  • Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Wellhub and access to Spill - all in one mental health support
  • Hybrid work offering - for most roles we collaborate in the office three days per week
  • Work-from-anywhere scheme - you'll have the opportunity to work from anywhere, up to 10 days per year
  • Space to connect: Beyond the desk, we make time for weekly catch-ups, seasonal celebrations, and have a kitchen that’s always stocked!
  • Fulltime
Read More
Arrow Right
New

Lead Application Security Architect

The Application Security Architect is a senior, influential role responsible for...
Location
Location
United Kingdom; Sweden; Poland , London; Stockholm; Łódź
Salary
Salary:
Not provided
arrive.com Logo
Arrive
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in technology, with at least 7 years in a dedicated application security or product security role
  • Demonstrated experience designing and implementing a Secure SDLC in a cloud-native environment (GCP, AWS)
  • Hands-on experience with the architecture and strategy of AppSec tools (e.g., Snyk, Checkmarx, Veracode,)
  • Experience with securing microservices architectures, APIs, and modern web/mobile applications
  • Experience with securing AI/ML systems
  • A Bachelor’s degree in a relevant field or equivalent professional experience
Job Responsibility
Job Responsibility
  • Champion and orchestrate the definition of Arrive’s global Secure Software Development Lifecycle (SSDLC), from threat modeling to secure release, in close partnership with key stakeholders across Engineering and IT
  • Develop and maintain a comprehensive set of global security standards, baselines, and guidelines for secure coding, vulnerability management, and secure architecture
  • Create and champion the strategy for our application security tooling, including SAST, DAST, IAST, and Software Composition Analysis (SCA)
  • Define and manage the application security standards for Mergers & Acquisitions, establishing clear requirements and guiding the architectural integration of acquired technologies
  • Act as a lead security consultant and strategic partner for product and engineering teams, providing expert guidance on secure design patterns and vulnerability remediation
  • Forge a dynamic partnership with the Platform Security team: co-design the security tooling roadmap, consume their platforms where they meet global standards, and introduce new architectural patterns where needed
  • Lead security architecture reviews and threat modeling sessions for new applications and high-risk features
  • Act as a senior mentor and advocate for security engineers and champions across the organization, helping to grow our security talent
  • Stay at the forefront of emerging application security threats, with a particular focus on the risks associated with AI/ML systems
  • Collaborate with Data & AI teams to develop security principles and architectural patterns for securely integrating AI into our products
  • Fulltime
Read More
Arrow Right