[About StudioXID]
ProtoPie is the easiest interactive prototyping tool for all digital products. Designers can turn their UI/UX design ideas into highly interactive prototypes for mobile, desktop, web, and beyond, exploring, validating, and testing design solutions with production-like prototypes—without coding.
ProtoPie is widely used by leading companies worldwide, including Google, Microsoft, Meta, Nintendo, BMW, Samsung, Tencent, Reddit, Bytedance, and Disney. It was ranked the No.1 Advanced Prototyping Tool in the UX Tools 2022 Design Tools Survey.
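Studio XID builds ProtoPie and related services with the goal of "conveying the interactions of digital products easily and effectively."
ProtoPie has a conceptual model that is easy for designers to approach, so they can build fast, sophisticated prototypes without coding. It is a product with the vision of turning designers' ideas into reality and enabling more efficient communication. It was ranked No. 1 in the Advanced Prototyping category of the 2022 Design Tools Survey.
Designers at leading companies worldwide, including Google, Microsoft, Meta, Nintendo, BMW, Samsung, Tencent, Reddit, Bytedance, and Disney, use ProtoPie in their day-to-day work.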
Role Summary
We are looking for an IT & Security (Senior) to join our team in managing and improving ProtoPie’s company-wide security posture. In this hands-on role, you will work alongside our team to oversee everything from internal IT software and assets (macOS) to securing our cloud production infrastructure and product code. You will play a key role in maintaining and expanding our certifications, such as ISO 27001, ISO 27701, and TISAX, while ensuring that security is integrated into our business processes and company culture. Additionally, you will help provide technical assurance to our global enterprise clients, demonstrating that our security standards meet their strict requirements for protecting prototyping data.
Key Objectives:
- Workplace IT & Identity Management: Collaborate on establishing a secure internal environment by managing our software ecosystem, macOS fleet, and centralized identity and access systems.
- Customer Trust & Technical Assurance: Act as the technical ambassador to our global enterprise clients, successfully demonstrating our security posture to ensure they can confidently use our platform.
- Infrastructure & Network Security: Work with the team to harden cloud environments (AWS/GCP). Collaborate with our SREs and backend engineers to manage network security design, firewalls, monitoring, permissions & authentication, and encryption, to ensure a robust architecture for our production services.
- Security Operations & Monitoring: Build proactive detection and response capabilities through comprehensive monitoring, automated log analysis, and robust secret management.
- Product Security & Testing: Help coordinate security testing for our products. This includes testing the security of new features, managing external penetration tests, overseeing vulnerability disclosures, and supporting the engineering team with security & privacy.
- Internal Governance & Process: Secure the human side of the business by hardening internal workflows, leading company-wide security awareness, and maintaining our global compliance certifications.
Responsibilities
- Identity & Assets: Configure and maintain Okta, Google Workspace, Kandji/Iru (MDM), and other company-wide tools. Manage OS security (e.g. SentinelOne), software distribution, and SSO integrations for all team members.
- Cloud & Network Hardening: Manage AWS/GCP security configurations, including WAF rules, Network Security Groups, DNS/DMARC, encryption, and IAM permissions.
- Customer Engagement: Complete security questionnaires and lead technical calls with enterprise security teams to resolve concerns and provide evidence of our compliance.
- Detection & Tooling: Optimize security tooling such as AWS GuardDuty and Inspector. Improve our SIEM visibility, manage tokens/secrets, and leverage automation or AI for log processing and incident detection.
- Security Testing: Test the security of new product features using tools such as Burp Suite, coordinate third-party penetration tests and oversee that engineers mitigate the findings, manage the vulnerability disclosure process, assist developers with privacy & security related topics, and arrange secure coding training for our developers.
- Audits & Internal Process: Gather technical evidence for ISO 27001/27701, TISAX, and GDPR audits. Review internal business processes for security gaps and conduct organization-wide security awareness training.
Requirements
Must
- Verbal/written communication skills in both English and Korean.
- Bachelor’s degree or equivalent professional experience in IT/security.
- 5+ years of experience in an IT, cybersecurity, pentesting, infrastructure/DevOps, backend, or other suitable technical role with a connection to security.
- Strong general technical skills with an affinity for IT/security solutions and the ability to quickly pick up new tools.
- Strong fundamental understanding of the core concepts that drive security.
- Capacity to embrace change and quickly adapt to new situations or changes in direction.
- Ability to work in a self-directed environment that is highly collaborative and cross-functional.
Plus
- Professional experience at SaaS companies.
- Strong Plus: Experience with securing or managing cloud production infrastructure with modern tools such as Kubernetes, Docker, related CI/CD integrations (e.g., GitHub), and token management.
- Experience with any of our core stack: AWS, GCP, Kandji or other MDM solutions, Okta, Google Workspace, SentinelOne, and SIEM solutions.
- Experience or affinity with coding (e.g., TypeScript/JS, HTML, Python). Coding experience is not strictly required, but it helps with understanding potential product security issues.
- Experience applying AI in a secure way to automate repetitive processes without increasing risk.
- Familiarity with AppSec topics (OWASP Top 10) or penetration testing.
- Any experience with security certifications and audits (SOC2, ISO 27001, TISAX, GDPR).
- Experience in senior stakeholder management and working across various parts of an organization.
[How We Work]
Team ProtoPie Works with 5 Company Values
1. Autonomy & Responsibility
We respect everyone's autonomy while taking responsibility for freedom and for judgment between right and wrong for the company.
2. Communication & Trust
We share information, communicate transparently, and build trust with our colleagues and customers.
3. Integrity
We draw a line between personal and professional lives and work with high moral standards.
4. Global Citizenship
We respect each cultural trait and always consider the global market in work.
5. Team Player
We collaborate with colleagues, help others actively, and respect others' professionalism and authority.
[Benefits and Welfare]
1. Welcome Awards
For new joiners, we support KRW 1,000,000 for buying personal peripherals and items for better work efficiency.
- Desk, Chair, Tablet PC, Mobile, Smartwatch, etc.
2. Education Benefits
We believe that members’ growth and happiness lead to the team’s growth. We support members in buying books and taking classes they want: language, instrument, anything you want to learn.
3. Healthcare Benefits
We understand that our people can bring their best selves to work when they and their families are taken care of.
- Medical check-ups, Gym, Physical activities, Vision care, Medical treatment (pets included)
4. Internet & Communication Benefits
We support internet and mobile expenses to enrich our remote working environment.
5. Congratulations & Condolences
We support members’ life events both in joy and in sorrow.
[Working Arrangements]
- Flexible working hours (Generally from 10 AM to 7 PM KST in HQ).
- Full-time position (during the first 3 months—the probation period, the employee will receive 100% of their salary).
- HQ: Gangnam, Seoul, South Korea
[Hiring Process]
- Submit resume or CV > 1st Interview > 2nd Interview > 3rd Interview > decision and negotiation.
- The interview process may change slightly depending on the position.
- Employment will be terminated if you are found to have falsified information on your resume and portfolio.
StudioXID is dedicated to cultivating a diverse and inclusive workplace. We highly value diversity in our workforce and do not discriminate in our hiring or promotion practices based on race, religion, color, national origin, gender, gender identity or expression, sexual orientation, age, marital status, veteran status, disability, pregnancy (including breastfeeding), parental status, or any other characteristic protected by law.
As a global company, English proficiency is required for all roles to ensure smooth communication and collaboration across our international teams, unless otherwise stated in the job postings.
If you have any questions, please feel free to reach us at job@protopie.io