本ポジションは日本語JDの用意がありません。

Platform Security Engineer - Mercari


Employment Status:
Full-time

Work Hours:
Full Flextime (no core time)

Office:
Roppongi

For more details, see the Overview of Our Positions section on our Careers site.

About Mercari

Circulate all forms of value to unleash the potential in all people

"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential. For more information about Mercari Group's mission, see Mercari's Culture Doc

Organization/Team Mission

Mercari Engineering Principles

Mercari Engineering Principles are a shared understanding that serves as the foundation of engineering beliefs and behavior at Mercari. The Engineering Principles are designed to complement the organizational identity (Mercari's mission, values, and culture) from an engineering viewpoint.

These principles ultimately help us achieve Mercari's mission by defining the ideal state we seek to realize in the long term.

Passion For The Product
Grow Together
Solve Through Mechanisms
Collaborate Openly

For More Details, Please See The Following Link

Engineering Culture

See here for more information about our mission and values.

Work Responsibilities

As a Security Engineer in the Mercari Platform Security Team, you will work to improve the resilience of the Mercari platform.

This is an important role within Mercari that involves executing impactful projects across the organization.

Through these projects, you will help ensure the integration of and compliance with security best practices, frameworks, and regulations across the Mercari platform.

About

Mercari follows the philosophy of "security as code", so our security engineers are expected to automate and optimize the solutions they develop to provide a "secure by default" platform.

That's why we are looking for people passionate about automation to join our team Specifically, you will:

Automate security controls and monitoring.
Develop technical solutions to prevent or mitigate security vulnerabilities and strengthen overall system security.
Maintain technical & security standards for production and corporate infrastructure services.
Collaborate with security management professionals, the legal team, and internal auditors on technical security matters.
Work with platform engineering teams to balance security with other requirements.
Review architecture proposals, such as infrastructure or information flows, and propose security controls to minimize risks.

Unique Challenges

Security Engineers at Mercari are responsible for dealing with a vast array of data, logs, and dependencies. You will be able to use cutting-edge and complex cloud infrastructure systems to help us identify and address issues.

With rapidly growing organizations and services, it is extremely important for Mercari to introduce automation and stop depending on manual work as much as possible.

This is an exciting opportunity to gain experience helping us build our security systems and solve issues in a fast-paced environment.

Qualifications

Required Experience/Skills

Strong understanding of core computer security concepts and the ability to explain and apply them, including the CIA triad, principle of least privilege, authentication vs.

authorization, cryptography, security protocols, application security, and related topics.
Experience with standard software development tools such as Git, GitHub, CI/CD tools (GitHub Actions), and shell scripting
Programming experience with one or more programming languages including but not limited to Go, Python or TypeScript
Experience using and configuring public cloud infrastructure platforms (GCP, Google Workspace, AWS, Azure), as well as container technologies (Docker, Kubernetes) and Infrastructure as Code (Terraform)
Experience with UNIX-like systems (i.e. Linux, macOS) configuration, administration and hardening as well as knowledge of basic POSIX command line utilities
Preferred Experience/Skills
4+ years of experience in security domains
Bachelor's degree in Computer Science or equivalent practical experience
Familiarity with cloud and web application architecture and best practices
Familiarity with secure software development lifecycle (Secure SDLC).
Knowledge of SQL (BigQuery, Postgres, etc)
Familiarity with applied cryptography (key management, TLS, PKIs, KMSes, etc)
Familiarity with networking - TCP/UDP, DNS, HTTP
Experience with configuring identity federation (OIDC, SAML)
Familiarity with PCI-DSS or other information security or privacy standards
Language

Japanese:
Bonus to have


English:
Independent (CEFR-B2)

For details about CEFR, see here.

Learn More About Mercari Group


Careers site:



Mercan:


Social media:
X / Linkedin
Removing GitHub PATs and

Private Keys From Google Cloud:
Extending Token Server to Google Cloud

When Caching Hides the Truth:
A VPC Service Controls & Artifact Registry Tale
How to bypass GitHub's Branch Protection
Streamlining Security Incident Response with Automation and Large Language Models | Mercari Engineering
An Introduction to Reverse Engineering for eBPF Bytecode
Who Watches the Watchmen? Keeping an Eye on Our Monitoring Systems
Detection Engineering and SOAR at Mercari
Mercari Appoints Naohisa Ichihara as New


CISO:
Making a Mark in History with the Goal of Establishing the World's Most Secure Marketplace
Going Beyond Diverse to

Become Borderless:
The Culture of Mercari's Security & Privacy Team
Security | Mercari Engineering blog
Security/Privacy | mercan

Recruiting at Mercari

At Mercari Group, we value empathizing with and embodying the mission and values of the Group and each company.

To promote the creation of an organization that maximizes the total amount of value exhibited by all members, we would like to understand the experience and skills of each candidate as accurately as possible.

Recruiting cycle at Mercari Group

Application screening

Skill assessment:
For engineering positions, you will be asked to complete a skill assessment on HackerRank or GitHub. For non-engineering positions, you may be asked to complete an assessment depending on the position. (The timing of the assessment may coincide with the interview process.)

Interview:
The number of interviews may vary depending on the position.

Reference check:
We will ask for online references around the timing of the final interview.

Offer:
Offers will be determined carefully in consideration of the final interview and the reference check.

Learn more about our recruiting process here.

Equal Opportunity Hiring

Here at Mercari, we work to realize a world in which no one's potential is limited by their background and everyone has the opportunity to freely create value.

We also firmly believe that a mindset of Inclusion & Diversity is essential for us to achieve our mission.

This, of course, extends to our hiring practices as well.

Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background.

For more details, please read our I&D statement.

Please read and acknowledge our Privacy Policy prior to submitting your application.
Show more Show less

---