Enterprise AI Security Engineer - Mercari

本ポジションは日本語JDの用意がありません。

Enterprise AI Security Engineer - Mercari

• Employment Status:　Full-time 
• Work Hours: Full Flextime (no core time)  
• Office: Roppongi

For more details, see the Overview of Our Positions section on our Careers site.

About Mercari

Circulate all forms of value to unleash the potential in all people

"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential. For more information about Mercari Group’s mission, see Mercari’s Culture Doc

Organization/Team Mission

Mercari Engineering Principles  

Mercari Engineering Principles are a shared understanding that serves as the foundation of engineering beliefs and behavior at Mercari. The Engineering Principles are designed to complement the organizational identity (Mercari’s mission, values, and culture) from an engineering viewpoint. 

These principles ultimately help us achieve Mercari’s mission by defining the ideal state we seek to realize in the long term. 

• Passion For The Product
• Grow Together
• Solve Through Mechanisms
• Collaborate Openly

For more details, please see the following link:

• Engineering Culture

See here for more information about our mission and values.

Work Responsibilities

As an Enterprise AI Security Engineer at Mercari, you will be engaged in building out the core controls to support securing a dynamic and AI centric  work environment. A key focus will be on securing internal AI agent platforms and solutions together with implementers. You will collaborate closely with the AI Taskforce, engineering, and IT teams to design and deploy secure foundations that meet stringent security requirements while maintaining minimal user friction. A major part of your strategic contribution will be the implementation of a zero-trust architecture to significantly enhance our overall security posture.

We embrace the "security as code" philosophy, meaning successful candidates are expected to automate and optimize security solutions to achieve a "secure by default" enterprise IT infrastructure. We are seeking passionate automation advocates for this role.

Unique Challenges

• Security Frameworks and Assessments:
• Develop and implement security frameworks for enterprise IT solutions and AI agents.
• Conduct risk assessments and threat modeling for enterprise IT and AI systems to identify and mitigate potential vulnerabilities.
• Design and implement technical security solutions and mitigation strategies to ensure the protection and resilience of Mercari’s IT infrastructure and internal AI agent platforms.
• Automation and Optimization:
• Automate manual processes and operational tasks across security systems.
• Focus on optimizing configurations for Identity and Access Management (IAM), Endpoint Security, AI agent platforms, and Data Loss Prevention (DLP) systems.
• Standards and Partnership:
• Establish and maintain security standards and guidelines for AI solutions and infrastructure.
• Collaborate with engineering and IT teams to secure enterprise IT systems and protect against new and evolving threats.
  
  

Qualifications

• Required Experience/Skills
• Bachelor's degree or equivalent practical experience in core cybersecurity domains related to IT.
• Understanding and ability to explain and apply core computer security concepts such as the CIA triad, principle of least privilege, authentication vs. authorization, etc.
• Experience in programming with one or more languages, including but not limited to Go, Python, or JavaScript. 
• Familiarity with standard software development tools, such as Git, CI/CD tools, IaC, and shell scripting.
• Basic understanding of core AI security principles (OWASP AI/LLM Top Ten).
• Proficiency using AI tools for day to day productivity and to accelerate dashboarding and reporting.
• Proficiency in modern Identity and Access Management (IAM) systems, like Okta, Microsoft Entra ID..
• Strong teamwork skills and the ability to collaborate with others in a diverse environment.

• Preferred Experience/Skills
• Experience working as a security architect or IT architect.
• Deep understanding of AI agent mechanisms, vulnerabilities, and attack methodologies.
• Experience in securing AI agent frameworks..
• Experience in managing Non-Human Identity (NHI) tools.
• Expertise in the security of cloud platforms (e.g.,  GCP, AWS, Microsoft Azure), especially securing multi-cloud networks and infrastructure, and designing cloud agnostic systems.
• Experience building, administrating, and improving IT security solutions (IAM, MDM, EDR, DLP, etc.)
• Familiarity with frameworks such as NIST AI Risk Management and Google’s Secure AI Framework, and OWASP Top 10 For Agentic Applications.
• Strong analytical and problem-solving skills, with an ability to think critically and objectively assess security risks.
• Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
  
• Language 
• Japanese: Bonus to have
• English: Independent (CEFR-B2)

For details about CEFR, see here.

Learn More About Mercari Group

• Careers site: https://careers.mercari.com/en/   
• Mercan: https://mercan.mercari.com/en/  
• Social media: X / Linkedin 
• How Mercari’s AI Security Team is Securing AI Native
• Removing GitHub PATs and Private Keys From Google Cloud: Extending Token Server to Google Cloud
• When Caching Hides the Truth: A VPC Service Controls & Artifact Registry Tale
• How to bypass GitHub’s Branch Protection
• Streamlining Security Incident Response with Automation and Large Language Models | Mercari Engineering 
• An Introduction to Reverse Engineering for eBPF Bytecode
• Who Watches the Watchmen? Keeping an Eye on Our Monitoring Systems
• Detection Engineering and SOAR at Mercari
• Mercari Appoints Naohisa Ichihara as New CISO: Making a Mark in History with the Goal of Establishing the World’s Most Secure Marketplace
• Going Beyond Diverse to Become Borderless: The Culture of Mercari’s Security & Privacy Team
• Security | Mercari Engineering blog
• Security/Privacy | mercan 
  
  　

Recruiting at Mercari

At Mercari Group, we value empathizing with and embodying the mission and values ​​of the Group and each company. To promote the creation of an organization that maximizes the total amount of value exhibited by all members, we would like to understand the experience and skills of each candidate as accurately as possible.

Recruiting cycle at Mercari Group

• Application screening
• Skill assessment: For engineering positions, you will be asked to complete a skill assessment on HackerRank or GitHub. For non-engineering positions, you may be asked to complete an assessment depending on the position. (The timing of the assessment may coincide with the interview process.)
• Interview: The number of interviews may vary depending on the position.
• Reference check: We will ask for online references around the timing of the final interview.
• Offer: Offers will be determined carefully in consideration of the final interview and the reference check.

　Learn more about our recruiting process here.

Equal Opportunity Hiring

Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Inclusion & Diversity is essential for us to achieve our mission.

This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background. For more details, please read our I&D statement.

Please read and acknowledge our Privacy Policy prior to submitting your application.