Platform Security Engineer - Mercari

Minato City, Tokyo, Japan - Remote

Introduction

Circulate all forms of value to unleash the potential in all people

"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential.For more information about Mercari Group’s mission, see Mercari's Culture Doc.

Equal Opportunity Hiring

Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Diversity & Inclusion is essential for us to achieve our mission.

This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background. For more details, please read our D&I Statement.

Position Overview

Work Responsibilities

As a Security Engineer in the Mercari Platform Security Team, you will work to improve the resilience of the Mercari platform  This is an important role within Mercari that involves executing high-stakes projects across the organization. Through these projects, you will help us ensure the integration of and compliance with security best practices, frameworks, and regulations.

Mercari follows the philosophy of “security as code”, so our security engineers are expected to automate and optimize the solutions they develop to provide a “secure by default” platform. That’s why we are looking for people passionate about automation to join our team! Specifically, you will:

  • Automate security controls and monitoring.
  • Develop technical solutions to help mitigate security vulnerabilities.
  • Maintain technical & security standards for production and corporate infrastructure services.
  • Collaborate with information security officers, the legal team, and internal auditors on technical security matters.
  • Work with product engineering teams to balance security with other requirements.
  • Review architecture proposals, such as infrastructure or information flows, and propose security controls to minimize risks.

Bold Challenges

  • Security Engineers at Mercari are responsible for dealing with a vast array of data, logs, and dependencies. You will be able to use cutting-edge and complex cloud infrastructure systems to help us identify and address issues.
  • With rapidly growing organizations and services, it is extremely important for Mercari to introduce automation and stop depending on manual work as much as possible. This is an exciting opportunity to gain experience helping us build our security systems and solve issues in a fast-paced environment.

Required Experience

  • Understanding and ability to explain and apply core computer security concepts such the CIA triad, principle of least privilege, authentication vs. authorization, etc
  • Experience with standard software development tools such as Git, GitHub, CI/CD tools (GitHub Actions), and shell scripting
  • Programming experience with one or more programming languages including but not limited to Go, Python or TypeScript
  • Experience using and configuring public cloud infrastructure platforms (GCP, Google Workspace, AWS, Azure), as well as container technologies (Docker, Kubernetes) and Infrastructure as Code (Terraform)
  • Experience with UNIX-like systems (i.e. Linux, macOS) configuration, administration and hardening as well as knowledge of basic POSIX command line utilities

Preferred Experience

  • 4+ years of experience in security domains
  • Bachelor's degree in Computer Science or equivalent practical experience
  • Familiarity with cloud and web application architecture and best practices
  • Knowledge of SQL (BigQuery, Postgres, etc)
  • Familiarity with applied cryptography (key management, TLS, PKIs, KMSes, etc)
  • Familiarity with networking - TCP/UDP, DNS, HTTP
  • Experience with configuring identity federation (OIDC, SAML)
  • Familiarity with PCI or other information security or privacy standards

Recruitment process

  • CV screening
  • Technical test
  • Interview(3 - 4 times)
  • Reference check
  • Offer

*We will decide based on the feedback on the final interview and the references.

*See this page for details.

Language Requirements

  • English: Independent (CEFR-B2)
    *For details about CEFR, see here

The Security Team is a diverse team with members from around the globe. Team members have various levels of Japanese and English proficiency and we value mutual effort, understanding, and support, and we aim to meet in the middle to make everyone feel comfortable regardless of the member’s native language.

Working Conditions


Employment Status

Full-time

  • Probationary period: First 3 months after joining the company. (During this period your contract conditions will be the same as that of a permanent employee.)

Office

Roppongi

  • Smoking is prohibited within our offices
  • Mercari has introduced a work style policy called “Your Choice.” Each member is free to choose whether they want to work in the office or work fully remote. *Exceptions made for certain kinds of work.

Work Hours

  • Full flextime (no “core time” or “flex time”)
    *Does not apply to all positions

Holidays

  • Two days off per week (as well as national holidays, New Year's break, etc.)
  • Paid leave, congratulatory and bereavement leave, relax days, sick leave

Salary

  • Annual salary paid in 12 monthly installments (including fixed overtime allowance)
  • Based on skills, experience, and abilities
  • Reviewed twice a year

Benefits

  • Complete health and social insurance
  • Incentive program
  • Support systems, including those that benefit the employee’s family members
    *See this page for details.

Other Support

Media

Corporate Sites

Related Articles

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  8  1  0

Tags: Automation AWS Azure CIA CI/CD CISO Cloud Compliance Computer Science Cryptography CSIRT DNS Docker GCP GitHub Kubernetes Linux MacOS Monitoring PostgreSQL Privacy Product security Python SAML Scripting SQL Terraform Threat detection Threat intelligence TLS TypeScript UNIX Vulnerabilities

Perks/benefits: Career development Health care Insurance Relocation support

Regions: Remote/Anywhere Asia/Pacific
Country: Japan

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.