Information Security Engineer - US App

本ポジションは日本語JDの用意がありません。

Information Security Engineer - US App

• Employment Status:　Full-time
• Work Hours: Full Flextime (no core time)

• Office: Roppongi

For more details, see the Overview of Our Positions section on our Careers site.

About Mercari

Circulate all forms of value to unleash the potential in all people

"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential. For more information about Mercari Group’s mission, see Mercari’s Culture Doc

Organization/Team Mission

Mercari Engineering Principles  

Mercari Engineering Principles are a shared understanding that serves as the foundation of engineering beliefs and behavior at Mercari. The Engineering Principles are designed to complement the organizational identity (Mercari’s mission, values, and culture) from an engineering viewpoint. 

These principles ultimately help us achieve Mercari’s mission by defining the ideal state we seek to realize in the long term. 

• Passion For The Product
• Grow Together
• Solve Through Mechanisms
• Collaborate Openly

For more details, please see the following link:

• Engineering Culture

In the Information Security team supporting Mercari’s US business, we work across security, engineering, and corporate functions in Japan and the US to strengthen the security foundations that protect systems, data, and operations. This role helps connect US security priorities with Mercari’s broader security capabilities in Japan, translating business needs, security risks, and compliance expectations into practical technical outcomes.

This position is ideal for a strong security generalist with an engineering mindset. You will work across multiple domains—including security operations, enterprise security, platform and cloud security, and AI security—and improve security posture through technical depth, collaboration, and automation.

See here for more information about our mission and values.

Work Responsibilities

In this role, you will support Mercari’s US business from Tokyo and act as a technical bridge between Mercari US and Japan-based teams across security, engineering, and corporate functions. You will partner closely with US security leadership to drive tactical execution, coordinate operational work, and help ensure that US business requirements are reflected in Mercari’s security controls and processes.

We embrace the “security as code” philosophy, meaning successful candidates are expected to improve security through engineering, automation, and durable mechanisms rather than manual processes alone.

- Serve as a technical representative for Mercari US and coordinate with teams across security operations, vulnerability management, enterprise security, platform security, and related functions.

- Translate US security priorities, technical requirements, and governance/compliance needs into actionable implementation plans, control improvements, and remediation tasks.

- Drive follow-through on security work that impacts the US business, including detection and response workflows, vulnerability management, hardening activities, and security control validation.

- Partner with engineering teams to review architectures, identify security gaps, and improve the security of applications, cloud environments, networks, endpoints, identity systems, and supporting infrastructure.

- Help define and improve security standards and technical controls across areas such as IAM, endpoint security, logging and monitoring, DLP, network security, cloud security, and AI-enabled workflows.

- Build and maintain automation, integrations, dashboards, and reporting mechanisms that reduce manual effort and improve operational visibility, accountability, and speed.

- Support threat modeling, risk assessments, and security reviews for systems, projects, and business initiatives relevant to Mercari’s US business.

- Support audit and compliance-related activities by helping translate requirements into technical controls, evidence, remediation plans, and operational improvements.

- Communicate risks, trade-offs, and status clearly to stakeholders in Japan and the US, and drive progress through technical credibility, ownership, and strong cross-functional collaboration.

Unique Challenges

Cross-regional execution:

- Work effectively across teams in Japan and the US, navigating different working styles, time zones, and ownership models to drive consistent security outcomes.

- Influence and coordinate across multiple teams, even when the work is executed through partnership rather than direct reporting lines.

Broad security scope:

- Operate across several security domains, including security operations, enterprise/IT security, platform and cloud security, vulnerability management, and AI security.

- Balance hands-on tactical execution with the ability to understand broader architectural, operational, and business context.

US business and compliance context:

- Support security initiatives that must satisfy US business expectations, governance requirements, and external compliance obligations while aligning with Mercari’s broader security standards.

- Help identify control gaps, operational bottlenecks, and ownership gaps, then work with partner teams to resolve them pragmatically.

Automation and mechanisms:

- Improve security through engineering, automation, and repeatable workflows rather than through manual coordination alone.

- Create scalable mechanisms for reporting, escalation, remediation tracking, and cross-team accountability.

Qualifications

• Required Experience/Skills
• - Bachelor’s degree or equivalent practical experience in cybersecurity, computer science, information systems, or a related field.
• - Strong understanding of core security concepts such as least privilege, defense in depth, authentication and authorization, network segmentation, incident response, and secure system design.
• - Hands-on experience in multiple security domains, such as security operations, vulnerability management, IAM, endpoint security, network security, cloud/platform security, enterprise security, or application security.
• - Ability to understand and discuss security, IT, networking, infrastructure, and software engineering topics with specialists across different teams.
• - Experience partnering with engineering or operational teams to design, implement, or improve technical security controls.
• - Experience programming or scripting with one or more languages, such as Python, Go, or JavaScript, and familiarity with shell scripting and automation workflows.
• - Familiarity with modern engineering and operations practices, including Git, CI/CD, Infrastructure as Code, and ticket-driven workflows.
• - Experience using common security platforms such as SIEM, EDR, IAM, vulnerability scanners, cloud security services, or similar tools.
• - Experience performing technical risk assessments, threat modeling, or security reviews and driving remediation with partner teams.
• - Basic understanding of AI/LLM security risks and common control themes for enterprise AI tools or agentic workflows.
• - Strong written and verbal communication skills and the ability to collaborate effectively in a diverse environment.

• Preferred Experience/Skills

• - Experience in a role that bridged security and engineering across regional or global organizations.
• - Experience working with US-based stakeholders, companies, or business operations, with an understanding of US security governance, audit, or compliance expectations.
• - Experience supporting US regulatory, audit, or governance requirements such as PCI DSS, privacy, SOC 2, SOX-related controls, or similar frameworks.
• - Experience with enterprise security technologies such as Okta, MDM, EDR, DLP, email security, or device management platforms.
• - Experience with cloud and platform security in environments using AWS, GCP, Azure, containers, or modern developer platforms.
• - Experience collaborating closely with SOC functions, incident response, threat detection, or attack-based hardening activities.
• - Experience building security automation, integrations, metrics, or dashboards that improve operational visibility and execution speed.
• - Familiarity with AI security guidance such as OWASP AI/LLM Top 10, OWASP guidance for agentic applications, NIST AI RMF, or similar frameworks.
• - Ability to communicate in Japanese in a business environment.

• Language 
• Japanese: CEFR - B1 (preferred) 
• English: CEFR-B2 (Required)

　　　　　 Japanese: Preferred

　　　　　 English: Native proficiency or Independent (CEFR-B2) or above

　For details about CEFR, see here.

　 　

Learn More About Mercari Group

• Careers site: https://careers.mercari.com/en/   
• Mercan: https://mercan.mercari.com/en/  
• Social media: X / Linkedin 
  
  　

Recruiting at Mercari

At Mercari Group, we value empathizing with and embodying the mission and values ​​of the Group and each company. To promote the creation of an organization that maximizes the total amount of value exhibited by all members, we would like to understand the experience and skills of each candidate as accurately as possible.

Recruiting cycle at Mercari Group

• Application screening
• Skill assessment: For engineering positions, you will be asked to complete a skill assessment on HackerRank or GitHub. For non-engineering positions, you may be asked to complete an assessment depending on the position. (The timing of the assessment may coincide with the interview process.)
• Interview: The number of interviews may vary depending on the position.
• Reference check: We will ask for online references around the timing of the final interview.
• Offer: Offers will be determined carefully in consideration of the final interview and the reference check.

　Learn more about our recruiting process here.

　

Equal Opportunity Hiring

Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Inclusion & Diversity is essential for us to achieve our mission.

This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background. For more details, please read our I&D statement.

Please read and acknowledge our Privacy Policy prior to submitting your application.