Security Specialist (CISO Office - Tokyo)
Review the role details and submit your application.
Gallery
Overview
Overview
At Money Forward, we develop a wide range of popular services, including our automated personal financial management tool "Money Forward ME" and the "Money Forward Cloud" suite for businesses. Our ecosystem is powered by advanced technologies such as "Account Aggregation" and our single sign-on system, "Money Forward ID."
As our services handle sensitive financial data, we maintain the highest standards of security. The CISO Office works closely with our business units to ensure and enhance the security of our products. This includes the governance and visualization of major cloud platforms like AWS and GCP, as well as the design, implementation, and operation of common security features such as WAF. Additionally, the CISO Office is responsible for strengthening the security of our internal information systems.
To provide a safe and secure experience for even more users, we are looking for a Security Specialist to join our team.
Responsibilities
- In this position, you will leverage your knowledge and experience in coding and infrastructure to maintain and enhance the security of Money Forward in collaboration with developers and IT infrastructure teams. Key initiatives include:
- Establishment of security guardrails for AWS, Azure, and GCP environments.
- In-house security consulting: Providing technical advice and architecture reviews for our developers.
- Vulnerability assessments and penetration testing: Performing or supporting security evaluations.
- Vulnerability intelligence: Collecting and verifying vulnerability information, including OSINT.
- Security tool development: Developing tools and scripts to automate or enhance security.
- Framework implementation: Implementing and deploying security frameworks such as NIST CSF and CIS Controls.
- DevSecOps implementation: Integrating security into modern development workflows (K8s, Docker, CI/CD).
Required Skills
- Foundational understanding of computer science (networking, OS, data structures, and cryptography).
- Experience in software development with at least one programming language, or hands-on experience practicing Security by Design.
- Business-level English communication skills.
- Knowledge or experience in any of the following areas:
- Vulnerability assessment or Penetration testing
- Forensics, malware analysis, or incident response
- Cloud security or Architecture reviews
- Building and operating DevSecOps workflows
- Implementation of security solutions (e.g., WAF, IDS/IPS, SIEM)
Preferred Skills
- Business-level Japanese communication skills.
- Experience participating in CTFs, bug hunting, or obtaining CVEs.
- Relevant certifications such as CISSP, CISM, OSCP, or GCIH.
- Deep understanding of Authentication and Authorization (e.g., OIDC, OAuth).
- Experience in security-related operations within the Financial or Fintech industry.
- Experience in AI development or using AI tools to improve development processes.
- Language Requirements
- English: Business level
- Work Environment
- At Money Forward, we provide an environment where we can create world-class services together, and we are looking forward to welcoming you.
- Provided PC Specs: Latest CPU-equipped PC (MacOS or Windows). Custom-made PCs tailored to business requirements are possible.
- Systems to Enhance the Development Environment: Peripheral devices (displays, mice, keyboards) can be purchased as office supplies.
- Money Forward Library: A library system where you can freely borrow or request books at the company's expense.
- Referral Driven: Coverage for recruitment meals and a referral reward system.
- Conference Participation Support: Partial coverage for domestic and international conferences like RubyKaigi and Google I/O.
About Money Forward
Our mission is to "Maximize the value delivered to our customers through security." We define and create the ideal security state for the entire Money Forward Group.
Preventing service downtime and information leakage is, of course, critical. However, that is only one part of what we value. Excessive security measures can slow down development, potentially reducing or delaying the value we provide to our customers. As security professionals, we constantly ask ourselves how we can maximize customer value and implement the most optimized security solutions to achieve that goal.
Security Principles
Embedded security in business strategy: We design security measures in alignment with business strategies, taking into account the current business phase, costs, and potential loss in the event of a risk.
Advanced balancing between security and experience: Over-securing can compromise user convenience. We assess risks to achieve a sophisticated balance between convenience and security, actively promoting automation and autonomous systems.
Autonomous and scalable organization of security: Each development department must be able to build secure services autonomously. The CISO Office focuses on building the frameworks and support necessary to enable this autonomy.
Quick Facts
Submit your application for this role at Money Forward.