Enterprise Security Engineer

Introduction

Circulate all forms of value to unleash the potential in all people

"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential.For more information about Mercari Group’s mission, see Mercari's Culture Doc.

Equal Opportunity Hiring

Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Inclusion & Diversity is essential for us to achieve our mission.

This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background. For more details, please read our I&D statement.

Position Overview

As an IT Security Specialist, you will work closely with the product divisions and teams to lead security initiatives within the Mercari Group. This position handles a wide range of tasks, from upstream processes like assessing risks facing the corporate IT environment and defining requirements for security measures, to implementing solutions and other downstream processes. You will also work to strengthen security for the IT environment as a whole and contribute to implementing zero-trust architecture.

Job Posting Title: Enterprise Security Engineer

We are looking for two profile of candidates:

• Senior / Architect level
• Mid-career / Individual Contributor

Mercari is undergoing an internal transformation as the group is moving from a startup to a company with multiple group companies. Our IT infrastructure needs to adapt to these changes. A major ongoing initiative is to manage our infrastructure like our production with a Corporate SRE team. The security team is supporting this initiative.

As an Enterprise Security Engineer, you will work closely with the Corporate Engineering team and production teams to lead security initiatives within the Mercari Group. This position handles a wide range of tasks, from upstream processes like assessing risks facing the corporate IT environment and defining requirements for security measures, to implementing solutions and other downstream processes. You will also work to strengthen security for the IT environment as a whole and contribute to implementing zero-trust architecture.

Mission and key goals

• Secure our infrastructure, corporate environment and services
• Identify risks and resolves issues through scalable solutions
• Maintain and update a secure enterprise platform vision and roadmap

Work Responsibilities

• Formulating risk assessments and security strategies relating to the IT environment
• Assessing risks relating to the security of the IT environment through threat modeling and regular reviews.
• Defining requirements for security measures necessary for the IT environment
• Ensuring consistency with security policies
• Maintenance and ownership of the corporate IT security roadmap
• Document and be able to report about the state of maturity of our infra against a defined standard.
  
  
• Designing security measures for the IT environment
• Selecting and comparing solutions to be implemented
• Planning operations for solutions to be implemented
• Identifying problems in operations and considering solutions
• Proposing solutions and building consensus with senior management
  
  
• Implementing and running security solutions
• Running security measures (setting configurations, answering questions, etc.) as code and through automation.
• Liaising with the IT team and security vendors
• Monitoring and evaluating security measures
• Coordinate with the IT team for the review and release of security configurations and countermeasures.
• Improve incident handling capabilities related to Enterprise assets.
• Master the management of our security countermeasures
• Support the Threat Detection Engineering team in creating response playbooks
• Act as subject matter expert for enterprise infrastructure related domains, in collaboration with the emergency response team.

Unique and Bold Challenges

• Support the freedom of employees to choose whatever work style is best for them through a cloud-native environment
• Provide active support for diverse work styles within and outside of Japan and the US.
• Work on a wide range of tasks, from upstream processes like defining security requirements to designing the company’s IT environment and actually implementing solutions
• Take on the challenge of implementing dynamic security in a rapidly-growing global organization and environment

Required Experience

• Bachelor's degree or equivalent practical experience in core cybersecurity domains related to IT.
• Experience assessing risks and formulating/designing security requirements for cloud based IT systems
• Experience analyzing, building, administrating, and improving endpoint security
• Experience implementing and operating identity and role management, as well as authentication systems
• Experience handling security incidents (impact analysis, investigation, response, consideration of and support for implementing preventative measures)
• Extensive knowledge of IT infrastructure (TCP/IP, networks, servers, authentication, directory services, endpoint management)
• Strong teamwork skills and the ability to collaborate with others in a diverse environment.
• Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies
• Experience managing projects
• Shared belief in Mercari’s mission and values

Preferred Experience

• Experience working as a security architect or IT architect
• Experience leading or managing teams
• Certifications related to information security (CISSP, CEH, SANS GIAC, etc.)
• Understanding of compliance requirements such as PCI DSS and GDPR
• Knowledge of and experience working in a cloud-based environment, infrastructure as code, as well as deployment pipelines
• Knowledge of development languages like Go, Python or Javascript and management of code through revision control tools (like Github)
• Knowledge of and experience working in financial or crypto asset businesses
• General knowledge of information system/application development/management and system security
• Experience carrying out audits regarding systems and/or information security
• Experience building and operating security devices and monitoring infrastructure (CASB, EDR, DLP, etc.)

Recruitment process

• CV screening
• Technical test
• Interview (3 - 4 times)
• Reference check
• Offer

*We will decide based on the feedback on the final interview and the references.

Screening Criteria

• Does the candidate have the necessary experience and knowledge to carry out the work required of this position?
• Is the candidate flexible in their thinking and capable of adapting in a constantly-changing environment?
• Can the candidate proactively find issues with the current situation, identify the problem, and work to resolve it?
• Does the candidate have the logicality and communication skills to explain the background and purpose of security initiatives to their counterparts in various levels and build consensus?

Language Requirements

• English: Business level (required)
• Japanese: Near-native level (preferred)

Working Conditions

Employment Status

Full-time

• Probationary period: First 3 months after joining the company. (During this period your contract conditions will be the same as that of a permanent employee.)

Office

Roppongi

• Smoking is prohibited within our offices
• Mercari has introduced a work style policy called “Your Choice.” Each member is free to choose whether they want to work in the office or work fully remote. *Exceptions made for certain kinds of work.

Work Hours

• Full flextime (no “core time” or “flex time”)
  *Does not apply to all positions

Holidays

• Two days off per week (as well as national holidays, New Year's break, etc.)
• Paid leave, congratulatory and bereavement leave, relax days, sick leave

Salary

• Annual salary paid in 12 monthly installments (including fixed overtime allowance)
• Based on skills, experience, and abilities
• Reviewed twice a year

Benefits

• Complete health and social insurance
• Incentive program
• Support systems, including those that benefit the employee’s family members

Other Support

• Relocation support
• Language learning support
• Translation/interpretation support