Product Security Engineer

You will perform hands-on security testing and penetration exercises against applications, APIs, infrastructure, and blockchain components. You will hunt for vulnerabilities, build threat models for new features, triage findings, write clear remediation guidance, verify fixes, manage disclosure and bug bounty reports, and assess security risks of AI tools.

Responsibilities

• Conduct hands-on security testing of applications, APIs, and infrastructure
• Simulate real attack scenarios and discover vulnerabilities
• Build threat models for new services and features
• Triage vulnerabilities and own remediation lifecycle
• Manage vulnerability disclosure and bug bounty reports
• Assess and mitigate security risks related to AI tools

Requirements

• 5+ years of hands-on experience in application security, penetration testing, or product security
• Proven ability to find vulnerabilities through manual testing, architecture or code review, or attack simulation
• Practical experience with exchange or trading platform security, including DEX or DeFi protocols
• Understanding of order book mechanics, transaction flows, and wallet security
• Scripting and automation skills to build security tooling
• Experience triaging vulnerabilities and writing developer-facing remediation guidance
• Strong written communication in English
• Experience with cloud infrastructure security (strong plus)
• Experience with container security including network policies, RBAC, and image hardening (strong plus)
• Ability to read and review code in TypeScript, JavaScript, Solidity, or Rust (strong plus)
• Understanding of software supply chain security and dependency risks
• Experience managing or participating in bug bounty programs (strong plus)
• Experience securing AI/LLM tooling and mitigating prompt injection and data leakage (domain plus)
• Japanese language ability (useful but not required)

Benefits

• Remote work