As a member of Mercari’s SOAR/SOC team you will be responsible for monitoring, investigating, and analysing security event logs to protect Mercari’s production and corporate infrastructure. You will work together with other security engineers to build on and improve monitoring rules for Mercari’s log platform and in-house SOAR system by writing workflows as code to automate remediation and incident response, conduct forensics as part of Mercari’s incident response team, and take on other initiatives to improve Mercari’s overall security posture.
- Monitoring security events and responding to security incidents (log aggregation, investigation, analysis, reporting, etc.)
- Building on Mercari’s log analysis platform, improving monitoring rules, and automating security operations through further developing Mercari’s in-house SOAR system
- Use the latest technologies to conduct deep analysis of logs and propose and create your own solutions for automated response
- As a member of the SOC, work together with Mercari’s CSIRT to fight incidents on the front line
- Work with the cutting-edge and complex cloud infrastructure systems that support Mercari and Merpay’s services
- Deal with vast arrays of data, logs, and dependencies, and take the initiative to automate
- Work with a diverse team of experts with a wide range of experience in security
- Enrich team performance through the orchestration and automation of operational efforts by programming and developing scripts and playbooks
- Utilize API-based automation to enhance incident response lifecycle automation, security automation, threat intelligence, and threat hunting
- Understanding of and empathy for the mission and values of Mercari
- Experience coding to develop tools / automate processes in at least one programming language (Go, Python, Node.js, Java, etc.)
- Analyzing security event logs for anomalies and/or experience responding to security incidents as part of a CSIRT
- In-depth knowledge of IT infrastructure (in particular cloud-based infrastructure): cloud-based technologies, container-based applications, networks, servers, authentication, directory services, endpoint management, etc.
Nice to haves
These aren’t required, but be sure to mention them in your application if you have them.
- Using SQL to conduct log investigations using data analytics platforms such as BigQuery
- In-depth knowledge/experience in at least one major domain of both security and computer science
- Conducting security analysis (penetration testing, web application security testing, vulnerability testing, threat modelling, etc.)
- Understanding of version management, IDE, CI/CD tools and other tools related to the software development process
- Practical understanding of microservice architecture, Docker, Kubernetes, and container orchestration, etc.
- Using cloud-based infrastructure (GCP, AWS, etc.)
- Certification / experience in digital forensics and incident response (DFIR)