業務内容

• Serve as the technical representative for Mercari US and coordinate with Security Operations, Vulnerability Management, Enterprise Security, Platform Security, and related functions.
• Translate US security priorities, governance/compliance needs into actionable implementation plans, controls, and remediation tasks.
• Drive follow-through on security work impacting the US business, including detection/response workflows, vulnerability management, hardening activities, and security control validation.
• Partner with engineering teams to review architectures, identify security gaps, and improve security of applications, cloud environments, networks, endpoints, identity systems, and supporting infrastructure.
• Define and improve security standards and technical controls across IAM, endpoint security, logging/monitoring, DLP, network security, cloud security, and AI-enabled workflows.
• Build and maintain automation, integrations, dashboards, and reporting mechanisms to reduce manual effort and improve operational visibility and speed.
• Support threat modeling, risk assessments, and security reviews for systems/projects relevant to Mercari’s US business.
• Support audit/compliance activities by translating requirements into technical controls, evidence, remediation plans, and operational improvements.
• Communicate risks, trade-offs, and status clearly to stakeholders in Japan and the US, driving progress through technical credibility and cross-functional collaboration.

技術スタック

必須スキル

• Bachelor’s degree or equivalent practical experience in cybersecurity, computer science, information systems, or a related field
• Strong understanding of core security concepts: least privilege, defense in depth, authentication/authorization, network segmentation, incident response, secure design
• Hands-on experience in multiple security domains: security operations, vulnerability management, IAM, endpoint security, network security, cloud/platform security, enterprise security, or application security
• Ability to discuss security/IT/infrastructure/software topics with specialists across teams
• Experience partnering with engineering/operational teams to design, implement, or improve technical security controls
• Programming/scripting in Python, Go, or JavaScript; shell scripting and automation workflows
• Familiarity with Git, CI/CD, Infrastructure as Code, and ticket-driven workflows
• Experience with security platforms (SIEM, EDR, IAM, vulnerability scanners, cloud security services)
• Experience performing technical risk assessments, threat modeling, or security reviews and driving remediation
• Basic understanding of AI/LLM security risks and enterprise AI control themes
• English: CEFR-B2 (Required)

歓迎スキル（該当する場合）

• Experience bridging security and engineering across regional/global organizations
• Experience with US-based stakeholders/governance/compliance expectations (PCI DSS, SOC 2, SOX, privacy)
• Experience with enterprise security technologies (Okta, MDM, EDR, DLP, email security, device management)
• Cloud/platform security in AWS, GCP, Azure; containers; modern developer platforms
• Collaboration with SOC, incident response, threat detection; security automation, integrations, dashboards
• Familiarity with OWASP AI/LLM Top 10, NIST AI RMF
• Japanese language ability in business environment (Preferred)

キャリア成長観点

• クロスリージョンでUS本社とJP本社を結ぶ技術的ブリッジとして、グローバルなセキュリティ戦略の影響力を持つ機会。
• セキュリティを“コードで実装する”アプローチと自動化重視の文化の中で、DevSecOps寄りの設計・実装能力が加速。
• セキュリティ領域はサイバーオペレーション、エンタープライズ、プラットフォーム、AIセキュリティなど多岐にわたり、専門性を広く深められる環境。
• US規制・監査対応（PCI DSS、SOC 2、SOX等）や監査準備を通じたガバナンス経験が積め、キャリア上位機会（Senior/Staff Engineer、Security Architect等）へ進む道が開かれる。
• バイリンガル対応力・跨部門協働力が強化され、リーダーシップや対外折衝のスキルも向上する。