This position is closed and is no longer accepting applications.

Security Engineer (Product Security)

Mercari Minato-ku, Tokyo
  • 💴 No salary range given
  • 🏡 Fully remote (from Japan)
  • 🧪 2+ years experience required
  • 💬 No Japanese required
  • 🌏 Apply from abroad
  • 🧳 Relocate to Japan

About Mercari

Mercari is a marketplace app that makes it easy for people to safely sell and ship their things. Having been downloaded over 100 million times, it is now among the largest peer-to-peer selling platforms globally.

Key benefits

  • Full flextime
  • Outside work encouraged
  • Employee stock ownership program

About the position

Mercari is looking for a security engineer to join our Product Security Team in Tokyo. The Product Security Team ensures that Mercari products meet security requirements and investigates, tracks, and assists in fixing security issues. The team strives to be a business enabler working on a variety of tasks and applying a risk-based approach to security-related decision making.

As a Product Security Engineer you will be responsible for eliciting and communicating security requirements to product teams, performing threat modeling, design reviews, and security testing. You will also be involved in evaluating, designing, developing, and deploying automated security assessment solutions (DAST, SAST, SCA, etc.) and take on the challenge of ensuring the safety of Mercari’s development lifecycle.


  • Review product designs to define necessary security requirements based on threat modeling.
  • Review proposed architecture and propose a set of security controls in order to minimize risk.
  • Review source code to find security problems and potential vulnerabilities.
  • Conduct vulnerability assessments and penetration testing on Mercari’s Web, iOS, and Android applications.
  • Automate security checks and tests so that they can be easily and transparently plugged into the CI/CD pipeline.
  • Develop technical solutions to help mitigate security vulnerabilities.
  • Maintain technical and security standards for Web and mobile application technologies.
  • Educate developers on secure coding practices with workshops, talks, and lessons.
  • Evaluate and investigate suspected security events or incidents and perform remediation in accordance with Incident Response procedures.
  • Collaborate with information security officers, the legal team, and internal auditors on technical security matters.

Bold Challenges

  • Work with a modern, cloud-first development and deployment environment.
  • This position will allow you to take full advantage of your skills and experience because you will work on a variety of projects ranging from an online marketplace to payments and IoT.
  • Mercari offers a multicultural environment with colleagues from over 40 different countries and various backgrounds (experiences and skills), so you will be able to discuss and address issues from different perspectives and use that for personal growth.


  • Bachelor’s degree or equivalent practical experience.
  • Programming experience with one or more programming languages including but not limited to: Go, PHP, Java, Ruby, Python, C/C++, Objective-C, Swift, Kotlin, or JavaScript.
  • 2+ years of experience analyzing the security of systems (penetration testing, Web application security testing, vulnerability scanning, threat modeling, etc.).
  • Good understanding of modern Web application architecture, TLS, HTTP, TCP/IP, and standard network and system security technologies.
  • Experience with modern software development tools, such as distributed version control systems (git), dependency management, build systems, and CI/CD pipelines.
  • Strong teamwork skills in a diverse environment.
  • Effective interpersonal and communication skills.

Nice to haves

These aren’t required, but be sure to mention them in your application if you have them.

  • In-depth technical knowledge of security engineering, computer and network security, Unix-based operating systems, mobile security, authentication, security protocols, and applied cryptography.
  • Strong experience in securing both backend (Go, PHP) and frontend (Web, JavaScript, iOS, Android) applications.
  • Good understanding of development methodologies such as Object-oriented Programming (OOP), Domain-driven Design (DDD), and Test-driven Development (TDD).
  • Good understanding of microservice architecture and related security patterns.
  • Knowledge of container and orchestration technology like Docker and Kubernetes.
  • Experience working with large-scale cloud infrastructure and services (GCP or AWS).
  • Experience working in an agile and DevOps-centric environment.

Meet Mercari's Developers

Jieqiong shares her experience of joining Mercari and working as a tech lead. She explains their engineering culture and provides tips for potential applicants.
