PayPay, a fintech company with over 69 million users in about 6 years, is seeking a CSIRT Engineer. The company, composed of diverse members from over 50 countries, is still in a growth phase. The role involves actively working to promote cashless payments and a financial life platform in Japan, collaborating with Paytm's customer-centric technology. The CSIRT unit is responsible for investigating and overseeing security incidents like information leaks and phishing attacks, aiming for zero security incidents amidst increasing monitoring points due to new services and employee growth.

Must Have

• CSIRT (Computer Security Incident Response Team) operations
• Alert analysis (Tier2)
• Threat hunting through integrated log analysis
• Design and improvement of rules for security-related systems and tools
• Vulnerability information collection, dissemination, and response promotion
• Information exchange and cooperation with internal and external related organizations, companies, and associations
• Strengthening cyber resilience using threat intelligence
• Forensic investigation and malware analysis
• Investigation and response to phishing sites
• Practical experience in cybersecurity (2 years or more)
• Experience in coordination with multiple departments or equivalent communication skills

Good to Have

• English communication skills (conversational or higher, emphasis on reading and writing)
• Understanding, building/operating experience regarding cloud services (AWS, GCP, etc.)
• Work experience at financial institutions, payment companies
• Knowledge of NIST Cybersecurity Framework
• Knowledge of MITRE ATT&CK
• Experience in forensic investigation and malware analysis

Perks & Benefits

• Annual paid leave (14 days in the first year, prorated by joining month, usable from joining date)
• Personal leave (5 days per year, 3 or 5 days in the first year depending on joining month, for self/family/pet illness/injury/hospital visits)
• Social insurance (health insurance, welfare pension, employment insurance, worker's accident insurance)
• Defined contribution pension plan
• Super flex-time system (no core time)
• Special bonus (incentive) once a year based on company performance and individual contribution
• Overtime work allowance, late-night work allowance
• Part of salary can be received via PayPay account (supports digital salary payment)

CSIRT Engineer

About PayPay

PayPay, a fintech company that has surpassed 69 million users in approximately 6 years since its service launch in 2018, is currently comprised of diverse members from over 50 countries and regions. Although the number of employees already exceeds several thousand, the company is still in a growth phase and is "incomplete." In providing "PayPay," we collaborate with Paytm, India's largest payment service provider, leveraging their customer-centric technology to build and expand smartphone payments in Japan.

Our biggest rival is "cash." We are looking for colleagues who are passionate about tackling this difficult challenge positively, refining our product at an overwhelming speed that cannot be imitated by others, and professionally driving the widespread adoption of cashless payments in Japan and its use as a financial life platform. We seek individuals who can proactively identify challenges and collaborate with others to create new value.

About the Role

Introduction to the CSIRT Unit

This team's mission is to investigate and oversee security incidents and events such as information leaks and phishing attacks, and related investigations. The team members have diverse backgrounds, primarily including incident response specialists, network engineers, and log monitoring engineers for SIEM, etc. Many also have experience in the security industry and are leveraging their knowledge to promote advanced security measures.

• Aiming to be the No. 1 safe and secure fintech company - CISO speaks
• CSIRT Engineer supporting PayPay's incident response
• Introducing PayPay's top-tier CISO Office

Background of Recruitment

As new services, applications, and features expand, and as the number of employees and supply chains increases, monitoring points are growing. While we are strengthening the systematization of monitoring processes, it is urgent to confront and address various threats in line with the growth of our services and company. Therefore, we are looking for colleagues who can strongly promote a zero-security-incident environment and support PayPay.

Specific Job Responsibilities

As the department responsible for legal and compliance, you will be in charge of internal information security tasks required for PayPay's business development. Specific tasks are as follows:

• CSIRT (Computer Security Incident Response Team) operations
• Alert analysis (Tier2)
• Threat hunting through integrated log analysis
• Design and improvement of rules for security-related systems and tools
• Vulnerability information collection, dissemination, and response promotion
• Information exchange and cooperation with internal and external related organizations, companies, and associations
• Strengthening cyber resilience using threat intelligence
• Forensic investigation and malware analysis
• Investigation and response to phishing sites

Appeal of this Position

• You can maximize your experience and knowledge to produce many outputs in a short period.
• You can gain experience in designing and modeling attack predictions through threat intelligence and threat analysis.
• There are opportunities for collaboration, skill acquisition, cooperation, and job changes with SOC and Red Teams.

Required Experience/Skills

• Practical experience related to cybersecurity (2 years or more)
• Experience in coordination with multiple departments, or equivalent communication skills

Desirable Experience/Skills

• English communication skills (conversational or higher, emphasis on reading and writing)
• Understanding, building/operating experience regarding cloud services (AWS, GCP, etc.)
• Work experience at financial institutions, payment companies
• Knowledge of NIST Cybersecurity Framework
• Knowledge of MITRE ATT&CK
• Experience in forensic investigation and malware analysis

What PayPay Looks for in a Person

• Individuals who align with PayPay 5 senses

Treatment and Conditions

Employment Type

• Full-time employee

Work Location

• Hybrid Workstyle (office, home, or satellite office for remote work)
• *You will work from the office/remotely according to the rules and work instructions of your affiliated organization.

Working Hours

• Super flex-time system (no core time)
• Principle: 9:00 AM - 5:45 PM (7 hours 45 minutes actual work + 1 hour break)

Holidays

• Saturdays, Sundays, public holidays, year-end and New Year holidays, and company-designated days

Leave (Statutory Leave and Company Benefits)

• Annual paid leave (14 days in the first year, prorated by joining month. Usable from joining date)
• Personal leave (5 days granted each year / 3 or 5 days granted in the first year depending on joining month)
• *PayPay's unique special paid leave system, which can be used for illness/injury/hospital visits for yourself, family, or pets.

Salary

• Annual salary system (includes a portion of fixed overtime pay)
• Determined according to company regulations based on experience, skills, performance, and contribution
• Reviewed once a year
• Special bonus (incentive) paid once a year based on company performance and individual contribution
• Overtime work allowance, late-night work allowance available

• *A portion of the salary can be received via PayPay account (supports digital salary payment)

Benefits

• Social insurance (health insurance, welfare pension, employment insurance, worker's accident insurance)
• Defined contribution pension plan

Other Information:

• PayPay Inside-Out (Corporate Blog) /JP
• PayPay Inside-out (Corporate Blog) /ENG
• PayPay Product Blog /JP
• PayPay Product Blog /ENG

Apply for this position