About Mercari

Roppongi, Tokyo

Mercari is a marketplace app that makes it easy for people to safely sell and ship their things. Having been downloaded over 100 million times, it is now among the largest peer-to-peer selling platforms globally.

Key benefits

  • Full flextime
  • Outside work encouraged
  • Employee stock ownership program

About the position

As a Security Engineer in the Mercari Security Engineering Team, you will perform security design and process reviews as well as develop and deploy security countermeasures, and execute penetration tests. This is a unique role within Mercari since you will be involved in high-stakes projects across the organization. In addition, you will help us ensure the integration of and compliance with security best practices, frameworks, and regulations in these projects.

Mercari follows the philosophy of “security as code”, so our security engineers are expected to automate and optimize the solutions they develop. That’s why we are looking for people passionate about automation to join our team! Specifically, you will:

  • Review system designs to define necessary security requirements based on threat evaluation and attack trees.
  • Review architecture proposals, such as infrastructure or information flows, and propose security controls to minimize risks.
  • Conduct vulnerability assessments and penetration testing on Mercari’s production and corporate infrastructure.
  • Automate security controls and monitoring.
  • Develop technical solutions to help mitigate security vulnerabilities.
  • Maintain technical & security standards for production and corporate infrastructure services.
  • Educate engineering teams on security practices with hands on workshops, tech talks, and lectures.
  • Participate in the incident response process, identify remediation actions and deploy countermeasures.
  • Collaborate with information security officers, the legal team, and internal auditors on technical security matters.

Bold Challenges

  • Security Engineers at Mercari are responsible for dealing with a vast array of data, logs, and dependencies. You will be able to use cutting-edge and complex cloud infrastructure systems to help us tackle unknown issues.
  • With rapidly growing organizations and services, it is extremely important for Mercari to introduce automation and stop depending on manual work as much as possible. This is an exciting opportunity to gain experience helping us build our security systems and solve issues in a fast-paced environment.

Requirements

  • 4+ years of experience in security domains
  • Programming experience with one or more programming languages including but not limited to: Go, Python, PHP, Javascript
  • Public cloud infrastructure platforms (GCP, AWS and Azure), as well as container technologies (Docker, Kubernetes)
  • Penetration testing, web application security testing, vulnerability scanning, threat-based infrastructure risk assessment
  • Security automation and DevSecOps methodologies
  • Corporate security solutions (DLP, IAM, MDM, Endpoint security/EDR, CASB, ZeroTrust, MFA)
  • Implemented security controls based on security frameworks and regulations (ISO27001, PCI-DSS, CCPA)
  • Key management and applied cryptography (TLS, PKI, KMS, blockchain, data encryption)

Nice to haves

These aren’t required, but be sure to mention them in your application if you have them.

  • Bachelor’s degree in Computer Science or equivalent practical experience
  • Recognized security certifications (CISSP, OSCP, GIAC)
  • Experience leading or investigating in incident handling cases, performed computer forensic investigations, or malware analysis
  • Good understanding of modern web application architecture
  • Experience with software development tools, such as version control systems, integrated development environments (IDE), and CI/CD tools
  • SQL Querying (BigQuery, Mysql)
  • Effective interpersonal and communication skills
DO YOU NEED MORE INFO?
ASK A QUESTION

Meet Mercari's Developers

Joining Mercari as a tech lead

with Jieqiong Yu

Jieqiong shares her experience of joining Mercari and working as a tech lead. She explains their engineering culture and provides tips for potential applicants.

Read her story...

Other Jobs at Mercari

Related jobs

About Mercari

Roppongi, Tokyo

Mercari is a marketplace app that makes it easy for people to safely sell and ship their things. Having been downloaded over 100 million times, it is now among the largest peer-to-peer selling platforms globally.

Key benefits

  • Full flextime
  • Outside work encouraged
  • Employee stock ownership program

Other Jobs at Mercari

📬 More jobs like this

I'll send you a digest of new English-friendly software developer jobs in Japan. Your email stays private, I don’t share or sell it.