AppSec & Mobile Cybersecurity Lead
About the role
Cybersecurity is everyone's responsibility, but our security team leads the charge on solving some of the most challenging and consequential problems facing our organization and industry. As a fintech company operating within a larger corporate group, we navigate a dynamic regulatory landscape while integrating our security program with our parent company's broader initiatives. The AppSec & Mobile Cybersecurity Lead is responsible for designing, implementing, and scaling security across Paidy's iOS and Android applications, mobile APIs, and backend services. This role hardens the systems that power our consumer and merchant experiences by embedding security into the software development lifecycle, building automation that scales with engineering velocity, and staying ahead of an evolving threat landscape that now includes AI-driven attacks and AI-generated fraud. The successful candidate will collaborate closely with mobile engineering, platform, and compliance teams, as well as external auditors and our parent company's security teams. 
Key Role & Responsibilities

Application & Mobile Security Architecture:
- Define and enforce application and mobile security standards across iOS/Android apps, mobile APIs, backend services, and the SDLC
- Lead AppSec and mobile security architecture, ensuring strong access controls, secure data handling, resilient client-server interactions, and appropriate platform-level protections
- Partner with mobile and backend engineering teams to design secure-by-default services that balance usability, fraud and abuse resistance, and privacy requirements
- Conduct threat modeling to proactively identify and mitigate risks across the mobile and application stack
- Own the design and security of REST and GraphQL APIs, with a solid command of the OAuth2 protocol and mobile authentication flows

CI/CD Security & Automation:
- Build and scale security testing within CI/CD pipelines: SAST, SCA, DAST, secrets scanning, container scanning, IaC checks, MAST, binary analysis, and SBOMs for mobile build infrastructure
- Integrate security gates into CircleCI and GitHub workflows, ensuring security findings are surfaced early and tracked to resolution
- Build custom security tooling to automate recurring security validation, coverage measurement, and control verification tasks
- Own container image and runtime scanning across mobile and application build infrastructure

Vulnerability Management & Threat Landscape:
- Own the vulnerability management lifecycle for applications and mobile: triage SLAs, risk ratings, remediation guidance, verification, and recurring root-cause fixes through secure coding patterns and hardened libraries
- Monitor the mobile and application threat landscape (e.g. OWASP MASVS/MSTG, OWASP Top 10, API threats, and mobile fraud patterns) and translate intelligence into actionable engineering priorities
- Track and respond to emerging AI-era threats including LLM and agent supply chain attacks, prompt injection, model abuse in integrated AI features, and AI-generated fraud patterns targeting mobile payment flows
- Communicate vulnerability risk and remediation posture clearly to engineering teams and security leadership

Compliance Support:
- Support audit and compliance programs including SOC 2 (Type 1 and Type 2), ISO 27001, the Japan Act on the Protection of Personal Information (APPI), and the Japan Installment Sales Act (割賦販売法)
- Provide AppSec and mobile security evidence, control mapping, and remediation tracking in support of internal and external audits led by the GRC & Cybersecurity Lead
- Develop and maintain secure coding standards and application security policies in collaboration with engineering and compliance stakeholders

Engineering Enablement & AI-Augmented Tooling:
- Mentor engineering teams on secure design patterns, mobile hardening, and threat-aware development
- Build and maintain security automation using
Additional Information
About Paidy Inc.
Paidy is Japan's pioneer and leading BNPL service company. At Paidy, we believe in creating simple, instant experiences to take the hassle out of shopping with a touch of magic. Paidy offers instant, monthly-consolidated credit to consumers by removing hassles from payment and purchase experiences. Paidy uses proprietary models and machine learning to underwrite transactions in seconds and guarantee payments to merchants. Paidy increases revenue for merchants by reducing the number of incomplete transactions, increasing conversion rates, boosting average order values, and facilitating repeat purchases from consumers. Paidy has reached an agreement to join PayPal, the global payments company. Paidy will continue to operate its existing business, maintain its brand and support a wide variety of consumer wallets and marketplaces by providing convenient and innovative services. Paidy continues to innovate to make shopping easier and more fun both online and offline. For more information, please visit http://www.paidy.com.