Enterprise Security Engineer(コーポレートセキュリティエンジニア) – Mercari
- Employment Status:Full-time
- Work Hours:Full Flextime (no core time)
- Office: Roppongi
For more details, see the Overview of Our Positions section on our Careers site.
About Mercari
Circulate all forms of value to unleash the potential in all people
"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential. For more information about Mercari Group’s mission, see Mercari’s Culture Doc.
Organization/Team Mission
Mercari Engineering Principles
Mercari Engineering Principles are a shared understanding that serves as the foundation of engineering beliefs and behavior at Mercari. The Engineering Principles are designed to complement the organizational identity (Mercari’s mission, values, and culture) from an engineering viewpoint.
These principles ultimately help us achieve Mercari’s mission by defining the ideal state we seek to realize in the long term.
- Passion For The Product
- Grow Together
- Solve Through Mechanisms
- Collaborate Openly
For more details, please see the following link:
As an Enterprise Security Engineer, you will work closely with the Corporate Engineering team and production teams to lead security initiatives within the Mercari Group. This position handles a wide range of tasks, from upstream processes like assessing risks facing the corporate IT environment and defining requirements for security measures, to implementing solutions and other downstream processes. You will also work to strengthen security for the IT environment as a whole and contribute to implementing zero-trust architecture.
- Secure our infrastructure, corporate environment and services
- Identify risks and resolves issues through scalable solutions
- Maintain and update a secure enterprise platform vision and roadmap
See here for more information about our mission and values.
Work Responsibilities
As a Security Engineer in the Enterprise Security Team, you will be tasked with fortifying our dynamic, cloud-native IT environment by implementing robust security measures. Collaborating closely with the IT team, you will design and deploy secure IT solutions that adhere to our rigorous security requirements while minimizing user friction. Additionally, you will play a key role in the strategic implementation of a zero-trust architecture to further bolster our security posture.
At Mercari, we adhere to the philosophy of "security as code," which means our security engineers are expected to automate and optimize the solutions they develop to ensure a "secure by default" IT infrastructure. We are seeking individuals who are passionate about automation to join our team. Specifically, you will:
- Conduct comprehensive security assessments of Mercari's IT infrastructure to identify potential vulnerabilities and risks.
- Design and implement technical security solutions and mitigation strategies to address these issues, ensuring the protection and resilience of Mercari’s IT systems.
- Automate manual processes and operational tasks, focusing on optimizing configurations for Endpoint Detection and Response (EDR), Mobile Device Management (MDM), Data Loss Prevention (DLP), and Identity Provider (IDP) platforms.
- Develop and maintain IT & security standards for corporate IT infrastructure.
- Partner with the IT platform team to secure corporate networks and ensure robust protection against emerging threats.
Unique Challenges
- Support the freedom of employees to choose whatever work style is best for them through a cloud-native environment
- Provide active support for diverse work styles within and outside of Japan and the US.
- Work on a wide range of tasks, from upstream processes like defining security requirements to designing the company’s IT environment and actually implementing solutions
- Take on the challenge of implementing dynamic security in a rapidly-growing global organization and environment
Qualifications
- Required Experience/Skills
- Bachelor's degree or equivalent practical experience in core cybersecurity domains related to IT.
- Understanding and ability to explain and apply core computer security concepts such as the CIA triad, principle of least privilege, authentication vs. authorization, etc.
- Experience in programming with one or more languages, including but not limited to Go, Python, or JavaScript.
- Familiarity with standard software development tools, such as Git, GitHub, CI/CD tools, and shell scripting.
- Solid understanding of zero-trust architecture principles and their practical application within organizational IT environments.
- Strong teamwork skills and the ability to collaborate with others in a diverse environment.
- Preferred Experience/Skills
- Experience working as a security architect or IT architect
- Experience leading or managing teams
- Experience using and configuring public cloud infrastructure platforms (GCP, Google Workspace, AWS, Azure)
- Extensive knowledge of IT infrastructure (TCP/IP, networks, servers, authentication, directory services, endpoint management)
- Experience building, administrating, and improving IT security solutions (IAM, MDM, EDR, DLP, etc.)
- Familiarity with Infrastructure as Code (IaC) like Terraform or equivalent technology
- Familiarity with security and privacy compliance standards and regulations, such as PCI-DSS, ISO/IEC 27001, and GDPR.
- Familiarity with applied cryptography (key management, TLS, PKIs, KMSes, etc)
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
- Language
- English: Independent (CEFR-B2)
For details about CEFR, see here.
Learn More About Mercari Group
Recruiting at Mercari
At Mercari Group, we value empathizing with and embodying the mission and values of the Group and each company. To promote the creation of an organization that maximizes the total amount of value exhibited by all members, we would like to understand the experience and skills of each candidate as accurately as possible.
Recruiting cycle at Mercari Group
- Application screening
- Skill assessment: For engineering positions, you will be asked to complete a skill assessment on HackerRank or GitHub. For non-engineering positions, you may be asked to complete an assessment depending on the position. (The timing of the assessment may coincide with the interview process.)
- Interview: The number of interviews may vary depending on the position.
- Reference check: We will ask for online references around the timing of the final interview.
- Offer: Offers will be determined carefully in consideration of the final interview and the reference check.
Learn more about our recruiting process here.
Equal Opportunity Hiring
Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Inclusion & Diversity is essential for us to achieve our mission.
This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background.
For more details, please read our I&D statement.
Please read and acknowledge our Privacy Policy prior to submitting your application.
