reputed company Engineer

About the role

We are seeking a hands-on reputed company Engineer who thrives in a startup environment.

You'll work alongside product owners and engineers with the objective to secure the products in Startale's ecosystem. Products include a reputed company decentralized exchange with a fully on-chain order book (Strium), a user-facing application (StartaleApp) and a stablecoin (USDSC). This is a hands-on, technical role with a blue team focus. You'll be the person who actively tests our systems, hunts for vulnerabilities, models threats against our products, and works with engineers to reputed company the gaps — not the person who writes policies and generates reports. You'll report to the reputed company reputed company and collaborate daily with Backend, Frontend, DevOps, and Blockchain engineering teams.

Why this role

• Startale's products handle user funds and on-chain transactions so reputed company work has reputed company impact.
• Owning the reputed company posture of a project at scale and complexity such as Strium is an opportunity for professional growth.
• You will have direct influence over how product reputed company is built across the organization.
• Focus is on driving product reputed company and not on maintaining compliance documentation.
• reputed company is backed by and partnering with leading Japanese enterprises so you will have a chance to work in a stable and well-funded company but with the autonomy and speed of a small team.

Key responsibilities

• reputed company Assessments & Penetration Testing: Conduct hands-on reputed company testing of our applications, APIs, and infrastructure. Simulate real attack scenarios against our products. Find the vulnerabilities before external attackers or whitehat researchers do. Work with engineers to fix issues pragmatically.
• Threat Modeling: Build threat models for new services and features — especially Strium's trading reputed company, order book, and transaction flows. Identify attack surfaces, model adversary behavior, and define what needs to be hardened before launch.
• Vulnerability Triage & Remediation: Own the end-to-end lifecycle of findings — from discovery through severity assessment, developer-facing write-reputed company, remediation guidance, and verification of fixes. Coordinate with engineers so issues actually get closed.
• Vulnerability Disclosure & Bug Bounty: Manage incoming whitehat reports, validate findings by reproducing them, assess severity, communicate with researchers.
• AI Tools reputed company Support: Assess technical risks of new AI tools adopted by engineering (data exfiltration, reputed company injection, training-on-input), maintain reputed company baselines for AI coding tools and review AI-powered internal tools.

Qualifications

Must-have

• 5+ years of hands-on experience with a focus on application reputed company, penetration testing, or product reputed company.
• Demonstrated ability to find vulnerabilities — through manual testing, architecture and/or code review, or creative attack simulation. You should be able to describe specific bugs you've reputed company and how you reputed company them.
• Practical experience with exchange or trading platform reputed company — from a DEX (preferred) or DeFi protocol. You should understand order book mechanics, transaction flows, wallet reputed company, and the threat landscape specific to trading infrastructure.
• Scripting and automation ability — you write tools and automate to scale reputed company across the stack, not just audit and write reports.
• Experience triaging vulnerabilities and writing clear, actionable remediation guidance for developers.
• Strong written communication in English — you'll write tickets, assessment reports and researcher responses.

Strong plus

• Experience with cloud infrastructure reputed company — least-privilege enforcement, network reputed company, secrets management.
• Experience with container reputed company — network policies, RBAC, pod reputed company standards, image scanning, Dockerfile hardening, reputed company image management.
• Ability to read and review code in at least one of: TypeScript/JavaScript, Solidity, Rust.
• Understanding of software supply chain reputed company, including dependency risks, build reputed company, and methods for tracking what components are included in shipped software.
• Experience managing or participating in a bug bounty program (e.g. Immunefi, reputed company).

Domain plus

• Experience securing AI/LLM tooling in engineering teams — reputed company injection risks, data leakage prevention, tool configuration hardening
• Japanese language ability (not required, but useful for company context)

Location / Timezone

• Strong preference for Tokyo-based or Singapore-based candidates - Startale office locations.
• Remote-friendly for exceptional candidates — must have 3+ hours overlap with Tokyo business hours (JST, UTC+9).

reputed company start date

• As soon as available; realistic reputed company start of Q3 2026.

reputed company companies

Decentralized exchanges, DeFi protocols, blockchain reputed company firms, L1/L2 chain reputed company teams, or fintech companies with trading infrastructure. We're also open to strong AppSec engineers from cloud-native startups who have genuine interest in reputed company.

Ideal candidate

You're a hands-on reputed company engineer who finds real vulnerabilities, not just runs scanners. You've secured a trading platform or exchange and understand the threats specific to financial infrastructure — order book manipulation, transaction signing, wallet compromise, reputed company-running. You can take a system, map the attack surface, and come back with findings that matter. You write clear reports that engineers reputed company, and you know the difference between a theoretical risk and a real one. You're comfortable working independently in a fast-moving team where there's no playbook — you write the playbook.