As an Enterprise AI Security Engineer at Mercari, you will be engaged in building out the core controls to support securing a dynamic and AI-centric work environment. A key focus will be on securing internal AI agent platforms and solutions together with implementers. You will collaborate closely with the AI Taskforce, engineering, and IT teams to design and deploy secure foundations that meet stringent security requirements while maintaining minimal user friction. A major part of your strategic contribution will be the implementation of a zero-trust architecture to significantly enhance our overall security posture.
We embrace the “security as code” philosophy, meaning successful candidates are expected to automate and optimize security solutions to achieve a “secure by default” enterprise IT infrastructure. We are seeking passionate automation advocates for this role.
Responsibilities
- Security Frameworks and Assessments:
  - Develop and implement security frameworks for enterprise IT solutions and AI agents.
  - Conduct risk assessments and threat modeling for enterprise IT and AI systems to identify and mitigate potential vulnerabilities.
  - Design and implement technical security solutions and mitigation strategies to ensure the protection and resilience of Mercari’s IT infrastructure and internal AI agent platforms.
- Automation and Optimization:
  - Automate manual processes and operational tasks across security systems.
  - Focus on optimizing configurations for Identity and Access Management (IAM), Endpoint Security, AI agent platforms, and Data Loss Prevention (DLP) systems.
- Standards and Partnership:
  - Establish and maintain security standards and guidelines for AI solutions and infrastructure.
  - Collaborate with engineering and IT teams to secure enterprise IT systems and protect against new and evolving threats.
Requirements
- Bachelor’s degree or equivalent practical experience in core cybersecurity domains related to IT.
- Understanding and ability to explain and apply core computer security concepts such as the CIA triad, principle of least privilege, authentication vs. authorization, etc.
- Experience in programming with one or more languages, including but not limited to Go, Python, or JavaScript.
- Familiarity with standard software development tools, such as Git, CI/CD tools, IaC, and shell scripting.
- Basic understanding of core AI security principles (OWASP AI/LLM Top Ten).
- Proficiency using AI tools for day-to-day productivity and to accelerate dashboarding and reporting.
- Proficiency in modern Identity and Access Management (IAM) systems, like Okta, Microsoft Entra ID.
- Strong teamwork skills and the ability to collaborate with others in a diverse environment.
Nice to haves
While not specifically required, tell us if you have any of the following.
- Experience working as a security architect or IT architect.
- Deep understanding of AI agent mechanisms, vulnerabilities, and attack methodologies.
- Experience in securing AI agent frameworks.
- Experience in managing Non-Human Identity (NHI) tools.
- Expertise in the security of cloud platforms (e.g., GCP, AWS, Microsoft Azure), especially securing multi-cloud networks and infrastructure, and designing cloud-agnostic systems.
- Experience building, administrating, and improving IT security solutions (IAM, MDM, EDR, DLP, etc.).
- Familiarity with frameworks such as NIST AI Risk Management, Google’s Secure AI Framework, and OWASP Top 10 For Agentic Applications.
- Strong analytical and problem-solving skills, with an ability to think critically and objectively assess security risks.
- Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies.
- Japanese language ability