
Security Engineer
Posted May 19

This is a fully remote position, open to applicants in Japan.
• Perform hands-on security assessments of our applications, APIs, and infrastructure. Simulate real-world attack scenarios against our products to uncover vulnerabilities before external attackers or ethical hackers can. Collaborate with engineers to pragmatically resolve issues.
• Develop threat models for new services and features, particularly focusing on Strium's trading engine, order book, and transaction flows. Identify potential attack surfaces, model adversarial behaviors, and determine necessary hardening measures prior to launch.
• Manage the complete lifecycle of findings — from discovery to severity assessment, drafting developer-facing reports, providing remediation advice, and verifying the implementation of fixes. Work closely with engineers to ensure issues are effectively resolved.
• Oversee incoming whitehat reports, validate findings through reproduction, assess their severity, and maintain communication with researchers.
• Evaluate technical risks associated with new AI tools adopted by engineering (such as data exfiltration, prompt injection, training-on-input), uphold security standards for AI coding tools, and review AI-powered internal tools.
• Over 5 years of hands-on experience focusing on application security, penetration testing, or product security.
• Proven track record of identifying vulnerabilities — through manual testing, architecture and/or code reviews, or innovative attack simulations. You should be able to articulate specific bugs you’ve discovered and the methods used to find them.
• Practical experience in securing exchange or trading platforms — preferably from a DEX or DeFi protocol. You should have a solid understanding of order book mechanics, transaction flows, wallet security, and the specific threat landscape related to trading infrastructure.
• Proficient in scripting and automation — capable of creating tools and automating processes to enhance security across the stack rather than merely conducting audits and generating reports.
• Experience in triaging vulnerabilities and producing clear, actionable remediation guidance for developers.
• Strong written communication skills in English — you will be responsible for writing tickets, assessment reports, and responses to researchers.
• Startale's products manage user funds and on-chain transactions, making your security work impactful.
• Taking ownership of the security posture for a project of Strium's scale and complexity presents significant opportunities for professional development.
• You will have a direct influence on the construction of product security across the organization.
• The focus is on enhancing product security rather than merely maintaining compliance documentation.
• Our team is supported by and collaborates with leading Japanese enterprises, providing you the opportunity to work in a stable, well-funded company while enjoying the agility and speed of a small team.