Platform Security Engineer - Mercari
Minato City, Tokyo, Japan - Remote
Mercari, Inc.
Introduction
Circulate all forms of value to unleash the potential in all people
"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential.For more information about Mercari Group’s mission, see Mercari's Culture Doc.
Equal Opportunity Hiring
Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Diversity & Inclusion is essential for us to achieve our mission.
This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background. For more details, please read our D&I Statement.
Position Overview
Work Responsibilities
As a Security Engineer in the Mercari Platform Security Team, you will work to improve the resilience of the Mercari platform This is an important role within Mercari that involves executing high-stakes projects across the organization. Through these projects, you will help us ensure the integration of and compliance with security best practices, frameworks, and regulations.
Mercari follows the philosophy of “security as code”, so our security engineers are expected to automate and optimize the solutions they develop to provide a “secure by default” platform. That’s why we are looking for people passionate about automation to join our team! Specifically, you will:
- Automate security controls and monitoring.
- Develop technical solutions to help mitigate security vulnerabilities.
- Maintain technical & security standards for production and corporate infrastructure services.
- Collaborate with information security officers, the legal team, and internal auditors on technical security matters.
- Work with product engineering teams to balance security with other requirements.
- Review architecture proposals, such as infrastructure or information flows, and propose security controls to minimize risks.
Bold Challenges
- Security Engineers at Mercari are responsible for dealing with a vast array of data, logs, and dependencies. You will be able to use cutting-edge and complex cloud infrastructure systems to help us identify and address issues.
- With rapidly growing organizations and services, it is extremely important for Mercari to introduce automation and stop depending on manual work as much as possible. This is an exciting opportunity to gain experience helping us build our security systems and solve issues in a fast-paced environment.
Required Experience
- Understanding and ability to explain and apply core computer security concepts such the CIA triad, principle of least privilege, authentication vs. authorization, etc
- Experience with standard software development tools such as Git, GitHub, CI/CD tools (GitHub Actions), and shell scripting
- Programming experience with one or more programming languages including but not limited to Go, Python or TypeScript
- Experience using and configuring public cloud infrastructure platforms (GCP, Google Workspace, AWS, Azure), as well as container technologies (Docker, Kubernetes) and Infrastructure as Code (Terraform)
- Experience with UNIX-like systems (i.e. Linux, macOS) configuration, administration and hardening as well as knowledge of basic POSIX command line utilities
Preferred Experience
- 4+ years of experience in security domains
- Bachelor's degree in Computer Science or equivalent practical experience
- Familiarity with cloud and web application architecture and best practices
- Knowledge of SQL (BigQuery, Postgres, etc)
- Familiarity with applied cryptography (key management, TLS, PKIs, KMSes, etc)
- Familiarity with networking - TCP/UDP, DNS, HTTP
- Experience with configuring identity federation (OIDC, SAML)
- Familiarity with PCI or other information security or privacy standards
Recruitment process
- CV screening
- Technical test
- Interview(3 - 4 times)
- Reference check
- Offer
*We will decide based on the feedback on the final interview and the references.
*See this page for details.
Language Requirements
- English: Independent (CEFR-B2)
*For details about CEFR, see here
The Security Team is a diverse team with members from around the globe. Team members have various levels of Japanese and English proficiency and we value mutual effort, understanding, and support, and we aim to meet in the middle to make everyone feel comfortable regardless of the member’s native language.
Working Conditions
Employment Status
Full-time
- Probationary period: First 3 months after joining the company. (During this period your contract conditions will be the same as that of a permanent employee.)
Office
Roppongi
- Smoking is prohibited within our offices
- Mercari has introduced a work style policy called “Your Choice.” Each member is free to choose whether they want to work in the office or work fully remote. *Exceptions made for certain kinds of work.
Work Hours
- Full flextime (no “core time” or “flex time”)
*Does not apply to all positions
Holidays
- Two days off per week (as well as national holidays, New Year's break, etc.)
- Paid leave, congratulatory and bereavement leave, relax days, sick leave
Salary
- Annual salary paid in 12 monthly installments (including fixed overtime allowance)
- Based on skills, experience, and abilities
- Reviewed twice a year
Benefits
- Complete health and social insurance
- Incentive program
- Support systems, including those that benefit the employee’s family members
*See this page for details.
Other Support
- Relocation support
- Language learning support
- Translation/interpretation support
*See this page for details.
Media
Corporate Sites
- Mercari, Inc.
- Merpay, Inc. [Japanese]
- Souzoh, Inc.
- Mercoin, Inc.
- Mercari US
Related Articles
- Mercari’s Security Engineering Team: Taking on New Challenges and Supporting a Broad Scope of Functions Across a Flat Team Structure
- The Product Security Team: Supporting All Phases of Mercari’s Product Lifecycle
- Mercari’s Threat Detection Engineering Team—Continuously improving to provide autonomous cyber threat detection and response at scale
- Accurately Identifying Upcoming Risks: Why Mercari’s CSIRT Makes Sure to Conduct Its Own Threat Intelligence Research
- Mercari’s Privacy Office: adapting to amended laws and spreading awareness in the organization
- The CISO Office: A Deep Dive into the Background, Mission, and More of the Virtual Team Supporting Mercari’s CISO.
- Mercari Appoints Naohisa Ichihara as New CISO: Making a Mark in History with the Goal of Establishing the World’s Most Secure Marketplace
- Going Beyond Diverse to Become Borderless: The Culture of Mercari’s Security & Privacy Team
- Who Watches the Watchmen? Keeping an Eye on Our Monitoring Systems
- Security | Mercari Engineering blog
- Security | mercan
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation AWS Azure CIA CI/CD CISO Cloud Compliance Computer Science Cryptography CSIRT DNS Docker GCP GitHub Kubernetes Linux MacOS Monitoring PostgreSQL Privacy Product security Python SAML Scripting SQL Terraform Threat detection Threat intelligence TLS TypeScript UNIX Vulnerabilities
Perks/benefits: Career development Health care Insurance Relocation support
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.