Platform Security Engineer - Mercari
Salary not provided
Platform Security Engineer - Mercari
Work Responsibilities
As a Security Engineer in the Mercari Platform Security Team, your work will be strengthening the resilience and enhancing the security posture of the foundational platform on which our services are built. This is an important role within Mercari that involves executing impactful projects across the organization. Through these projects, you will help ensure the integration of and compliance with security best practices, frameworks, and regulations across the Mercari platform.
Mercari follows the philosophy of “security as code”, so our security engineers are expected to automate and optimize the solutions they develop to provide a secure-by-default platform to other engineers. That’s why we are looking for people passionate about automation to join our team! Specifically, you will:
- Automate security controls and monitoring.
- Develop technical solutions to prevent or mitigate security vulnerabilities and strengthen overall system security.
- Maintain technical & security standards for production and corporate infrastructure services.
- Collaborate with security management professionals, the legal team, and internal auditors on technical security matters.
- Work with platform engineering teams to balance security with other requirements.
- Review architecture proposals, such as infrastructure or information flows, and propose security controls to minimize risks.
Unique Challenges
- Security Engineers at Mercari are responsible for dealing with a vast array of data, logs, and dependencies. You will be able to use cutting-edge and complex cloud infrastructure systems to help us identify and address issues.
- With rapidly growing organizations and services, it is extremely important for Mercari to introduce automation and stop depending on manual work as much as possible. This is an exciting opportunity to gain experience helping us build our security systems and solve issues in a fast-paced environment.
Qualifications
Required Experience/Skills
- Strong understanding of core computer security concepts and the ability to explain and apply them, including the CIA triad, principle of least privilege, authentication vs. authorization, cryptography, security protocols, application security, and related topics.
- Experience with standard software development tools such as Git, GitHub, CI/CD tools (GitHub Actions), and shell scripting
- Programming experience with one or more programming languages including but not limited to Go, Python or TypeScript
- Experience using and configuring public cloud infrastructure platforms (GCP, Google Workspace, AWS, Azure), as well as container technologies (Docker, Kubernetes) and Infrastructure as Code (Terraform)
- Experience with UNIX-like systems (i.e. Linux, macOS) configuration, administration and hardening as well as knowledge of basic POSIX command line utilities
Preferred Experience/Skills
- 4+ years of experience in security domains
- Bachelor's degree in Computer Science or equivalent practical experience
- Familiarity with cloud and web application architecture and best practices
- Familiarity with secure software development lifecycle (Secure SDLC, SLSA).
- Knowledge of SQL (BigQuery, Postgres, etc)
- Familiarity with applied cryptography (key management, TLS, PKIs, KMSes, etc)
- Familiarity with networking - TCP/UDP, DNS, HTTP
- Experience with configuring identity federation (OIDC, SAML)
- Familiarity with PCI-DSS or other information security or privacy standards
Language
- Japanese: Basic (CEFR - A2) Preferred
- English: Independent (CEFR - B2)