【REMOTE】Product Security Engineer

About PayPay
PayPay, a fintech company that gained more than 36M users within around 2 years of its launch in 2018, has a highly diverse workforce drawn from 35 different countries. The company now has more than 1,000 employees, yet it is still incomplete and at a growing stage.

To build "PayPay", we allied with Paytm, the biggest payment service company in India. Based on their customer-first technologies, we created and expanded the smartphone payment service in Japan.

Our biggest competitor is "cash". We are seeking people who can embrace this challenge positively, polish the product at a tremendous speed that other companies could never achieve, and who are passionate about promoting and spreading such a financial life platform in a short time, with professionalism.

As for our working style, we have introduced a new personnel system called WFA (Working From Anywhere*). At PayPay, we work fully remotely in Japan, so your workplace and place of residence don't matter. Even if you live in a regional area, the salary and benefits package will be at an international level, and you will work with world-class colleagues. You will find such a way of working at PayPay!
*This WFA policy is applicable only within Japan.



Job Description
PayPay is looking for a Product Security Engineer to work on our payment system to deliver the best payment experience for our customers.

* Security architecture reviews of existing and upcoming projects.
* Acting as both a builder and a breaker by creating tools to help engineers write more secure code and performing penetration tests of public and internal applications.
* Working in a fast-paced environment where projects and priorities may change frequently but security always remains.
* Participating in setting up a Bug Bounty program, writing proofs of concept, assessing risk, and communicating with external reporters.
* Implementing and maintaining technologies for security, such as vulnerability testing, logging, monitoring and incident response.



【Tech Stack】We select the best combination of technologies for each period.
| Python, Golang
| MySQL/AuroraDB, DynamoDB, ELK, Kafka, Redis, TiDB
| AWS, GCP, TCP Networking, SSL/TLS, Key Management Systems, Certificate Authorities
| Snyk, SonarQube, Dome9
| PlantUML, miro.com
| Slack, Zoom
Qualifications
  • 3+ years of experience as a Security Engineer.
  • Experience with Linux internals and hardening
  • Must have experience in programming languages and frameworks such as Python and Bash
  • Comfortable with identifying and advising on remediation for Application Security vulnerabilities
  • Up to date with the latest developments in security, with experience applying them to products and day-to-day work
  • Development of Proof of Concept exploits

Preferred Qualifications
  • CVE Contributions
  • Open Source tools contributions
  • Published papers / blogs / articles

Ideal Candidate Profile
▼Six elements for the ideal candidate at PayPay

【Unparalleled speed】
Discover for yourself the important things that need to be done and implement ways to reach the best results at the fastest speed possible for the organization.

As a professional, commit to the growth and business goals of the organization and create impactful results by your ownership.

【Logical thinking】
Think logically and structurally to achieve real communication.

【Curiosity and questioning mind】
Stay curious about new things and new challenges, keep a continuously questioning mind, and enjoy such circumstances in a future-oriented manner.

【Problem solving】
Take a proper approach to both explicit and potential business/organizational challenges, and lead solutions that involve others.

【True opinion and communication skill】
Communicate your opinions to others in a flat manner to ensure mutual understanding and to keep things moving forward.







Location
Minato-ku, Tokyo, JAPAN
(Basically we work fully remotely in Japan)
PayPay Careers / Compensation and Conditions
• Form of employment: Permanent staff
• Fully remote work (within Japan)
• Salary: Based on experience, skills, performance and contribution.
• Salary Increase: Reviewed based on performance evaluation and PayPay's business performance.
  NOTE: In principle, you will be reviewed for a raise once a year.
• Special Incentive: Payment based on company performance and individual contribution and evaluation (once a year)
• Various Allowances: Overtime allowance, late-night work allowance and work-from-home allowance (100,000 JPY/year)
• Working Hours: In principle, from 10:00 to 18:45 (actual working hours: 7h45m, plus a 1-hour lunch break, in principle from 12:00 to 13:00). NOTE: We use a super flextime system, which does not set core hours.
• Days Off: Saturdays and Sundays. National holidays. Year-end holidays from December 29th to January 4th.
• Holidays: Annual paid leave, congratulatory or condolence leave, maternity leave, sick/injured child care leave, family care leave, etc.
• Benefits: Social insurance (health insurance, employee pension, employment insurance and compensation insurance), defined contribution pension system (TBC), etc.
• Salary payment: Annual salary system; paid on the 25th of each month.
Hiring Process
1. Application Review (1-2 weeks) We review your profile based on your submitted materials.

2. Code challenge (online) We send you a code challenge after reviewing your resume. Please be prepared to take the code challenge after submitting your application! It takes about 1-1.5 hours max. to complete.

3. 1 - 3 Interviews (online) You will have 1 to 3 interviews with our engineers and HR.



