本ポジションは日本語JDの用意がありません。

Information Security Engineer - US App

• Employment Status: Full-time
• Work Hours: Full Flextime (no core time)
• Office: Roppongi

---

Organization/Team Mission

Mercari Engineering Principles are the foundation of engineering beliefs and behavior. They help achieve our mission by defining the ideal long-term state:

• Passion For The Product
• Grow Together
• Solve Through Mechanisms
• Collaborate Openly

The Information Security team supporting the US business works across security, engineering, and corporate functions in Japan and the US to strengthen security foundations protecting systems, data, and operations. This role connects US security priorities with broader security capabilities in Japan, translating business needs, risks, and compliance expectations into practical technical outcomes.

This position is ideal for a strong security generalist with an engineering mindset, working across domains such as security operations, enterprise security, platform and cloud security, and AI security.

---

Work Responsibilities

• Serve as a technical representative for the US business; coordinate with teams across security operations, vulnerability management, enterprise security, platform security, and related functions.
• Translate US security priorities, technical requirements, and governance/compliance needs into actionable implementation plans, control improvements, and remediation tasks.
• Drive follow-through on security work affecting the US business, e.g., detection and response workflows, vulnerability management, hardening activities, and security control validation.
• Partner with engineering teams to review architectures, identify security gaps, and improve security across applications, cloud environments, networks, endpoints, identity systems, and supporting infrastructure.
• Define and improve security standards and technical controls across disciplines such as IAM, endpoint security, logging and monitoring, DLP, network security, cloud security, and AI-enabled workflows.
• Build and maintain automation, integrations, dashboards, and reporting mechanisms to reduce manual effort and improve operational visibility, accountability, and speed.
• Support threat modeling, risk assessments, and security reviews for systems, projects, and business initiatives.
• Support audit and compliance activities by translating requirements into technical controls, evidence, remediation plans, and operational improvements.
• Communicate risks, trade-offs, and status to stakeholders in Japan and the US, driving progress through technical credibility, ownership, and cross-functional collaboration.

---

Unique Challenges

Cross-regional execution:

• Work effectively across US and Japanese teams with varying working styles, time zones, and ownership models to drive consistent security outcomes.
• Influence and coordinate across multiple teams, even without direct reporting lines.

Broad security scope:

• Operate across several security domains: security operations, enterprise/IT security, platform/cloud security, vulnerability management, and AI security.
• Balance hands-on tactical execution with broader architectural, operational, and business context.

US business and compliance context:

• Support initiatives that satisfy US business, governance, and compliance obligations while aligning with broader security standards.
• Identify and help resolve control gaps, operational bottlenecks, and ownership issues.

Automation and mechanisms:

• Improve security via engineering, automation, and repeatable workflows, not just manual processes.
• Create scalable mechanisms for reporting, escalation, remediation tracking, and cross-team accountability.

---

Qualifications

Required

• Bachelor’s degree or equivalent practical experience in cybersecurity, computer science, information systems, or a related field.
• Strong understanding of core security concepts like least privilege, defense in depth, authentication & authorization, network segmentation, incident response, secure system design.
• Hands-on experience in multiple security domains (e.g., security operations, vulnerability management, IAM, endpoint/network/cloud/platform/enterprise/application security).
• Ability to discuss security, IT, networking, infrastructure, and software engineering topics with specialists.
• Experience partnering with engineering/operational teams to design, implement, or improve technical security controls.
• Experience programming or scripting (Python, Go, JavaScript) and familiarity with shell scripting and automation.
• Familiarity with modern engineering/operations practices: Git, CI/CD, Infrastructure as Code, ticket-driven workflows.
• Experience using platforms like SIEM, EDR, IAM, vulnerability scanners, cloud security services, or similar tools.
• Experience with technical risk assessments, threat modeling, or security reviews and driving remediation.
• Basic understanding of AI/LLM security risks and enterprise AI control themes.
• Strong written and verbal communication skills; able to collaborate effectively in a diverse environment.

Preferred

• Experience bridging security and engineering across regional or global organizations.
• Experience with US-based stakeholders, companies, or business operations and US security governance, audit, or compliance expectations.
• Experience supporting US regulatory/audit requirements such as PCI DSS, privacy, SOC 2, SOX, or similar frameworks.
• Familiarity with enterprise security technologies (e.g., Okta, MDM, EDR, DLP, email security, device management).
• Cloud/platform security experience (AWS, GCP, Azure, containers, modern developer platforms).
• Collaboration with SOC functions, incident response, threat detection, or attack-based hardening activities.
• Experience building security automation, integrations, metrics, or dashboards.
• Familiarity with AI security guidance (OWASP AI/LLM Top 10, NIST AI RMF, etc.).
• Ability to communicate in Japanese in a business environment.

Language

• Japanese: CEFR - B1 (preferred)
• English: CEFR-B2 (Required)

---

Additional Information

• Careers site
• Mercan
• Social media: X / LinkedIn

---

Equal Opportunity Hiring

We are committed to Inclusion & Diversity, ensuring no one's potential is limited by background. Discrimination based on age, gender, orientation, race, religion, disability, or other factors is not tolerated. Read more in our I&D statement.

Please read and acknowledge our Privacy Policy prior to submitting your application.