Information Security Engineer enhancing cloud security strategies for F&M Central's software, services, and cloud. Leading initiatives in identity management, compliance, and secure development practices.
About the role
- Information Security Engineer supporting Mercari’s US business from Tokyo, bridging teams in Japan and US.
Responsibilities
- Support Mercari’s US business from Tokyo and act as a technical bridge between Mercari US and Japan-based teams across security, engineering, and corporate functions.
- Partner closely with US security leadership to drive tactical execution, coordinate operational work, and help ensure that US business requirements are reflected in Mercari’s security controls and processes.
- Serve as a technical representative for Mercari US and coordinate with teams across security operations, vulnerability management, enterprise security, platform security, and related functions.
- Translate US security priorities, technical requirements, and governance/compliance needs into actionable implementation plans, control improvements, and remediation tasks.
- Drive follow-through on security work that impacts the US business, including detection and response workflows, vulnerability management, hardening activities, and security control validation.
- Partner with engineering teams to review architectures, identify security gaps, and improve the security of applications, cloud environments, networks, endpoints, identity systems, and supporting infrastructure.
- Help define and improve security standards and technical controls across areas such as IAM, endpoint security, logging and monitoring, DLP, network security, cloud security, and AI-enabled workflows.
- Build and maintain automation, integrations, dashboards, and reporting mechanisms that reduce manual effort and improve operational visibility, accountability, and speed.
- Support threat modeling, risk assessments, and security reviews for systems, projects, and business initiatives relevant to Mercari’s US business.
- Support audit and compliance-related activities by helping translate requirements into technical controls, evidence, remediation plans, and operational improvements.
- Communicate risks, trade-offs, and status clearly to stakeholders in Japan and the US, and drive progress through technical credibility, ownership, and strong cross-functional collaboration.
Requirements
- Bachelor’s degree or equivalent practical experience in cybersecurity, computer science, information systems, or a related field.
- Strong understanding of core security concepts such as least privilege, defense in depth, authentication and authorization, network segmentation, incident response, and secure system design.
- Hands-on experience in multiple security domains, such as security operations, vulnerability management, IAM, endpoint security, network security, cloud/platform security, enterprise security, or application security.
- Ability to understand and discuss security, IT, networking, infrastructure, and software engineering topics with specialists across different teams.
- Experience partnering with engineering or operational teams to design, implement, or improve technical security controls.
- Experience programming or scripting with one or more languages, such as Python, Go, or JavaScript, and familiarity with shell scripting and automation workflows.
- Familiarity with modern engineering and operations practices, including Git, CI/CD, Infrastructure as Code, and ticket-driven workflows.
- Experience using common security platforms such as SIEM, EDR, IAM, vulnerability scanners, cloud security services, or similar tools.
- Experience performing technical risk assessments, threat modeling, or security reviews and driving remediation with partner teams.
- Basic understanding of AI/LLM security risks and common control themes for enterprise AI tools or agentic workflows.
- Strong written and verbal communication skills and the ability to collaborate effectively in a diverse environment.
- Experience in a role that bridged security and engineering across regional or global organizations. (preferred)
- Experience working with US-based stakeholders, companies, or business operations, with an understanding of US security governance, audit, or compliance expectations. (preferred)
- Experience supporting US regulatory, audit, or governance requirements such as PCI DSS, privacy, SOC 2, SOX-related controls, or similar frameworks. (preferred)
- Experience with enterprise security technologies such as Okta, MDM, EDR, DLP, email security, or device management platforms. (preferred)
- Experience with cloud and platform security in environments using AWS, GCP, Azure, containers, or modern developer platforms. (preferred)
- Experience collaborating closely with SOC functions, incident response, threat detection, or attack-based hardening activities. (preferred)
- Experience building security automation, integrations, metrics, or dashboards that improve operational visibility and execution speed. (preferred)
- Familiarity with AI security guidance such as OWASP AI/LLM Top 10, OWASP guidance for agentic applications, NIST AI RMF, or similar frameworks. (preferred)
- Ability to communicate in Japanese in a business environment. (preferred)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Physical Security Engineer programming and configuring access control and surveillance systems. Collaborating with technical teams while managing security project requirements and client relations.
Senior Information Security Engineer providing cybersecurity incident response services for clients. Leading and performing cyber forensic analysis and presenting security solutions to customers.
Senior Product Manager leading the strategy and development of ESET's Identity Security portfolio. Driving innovation across identity protection areas helping organizations secure identities and access.
Health & Safety Coordinator ensuring safety standards in construction projects for multinational tech client. Fostering strong preventive culture in compliance with Spanish legislation.
Cybersecurity Intern participating in business transformation projects for major industries. Engaging in Cybersecurity Risk Assessment and developing innovative solutions in the IT sector.
Account Specialist managing sales and client relationships for security solutions in the public sector. Conducting market research and focusing on contract renewals and compliance in Australia.
Técnico em Segurança do Trabalho at Lotus ICT, focusing on workplace safety in Rio de Janeiro.
Security Supervisor providing comprehensive safety services across Nord Anglia International School campus. Leading security team to ensure operational and Health and Safety compliance while mitigating risks.
Security Supervisor overseeing loss prevention and security operations at WarHorse Gaming Lincoln casino. Ensuring a safe environment for guests and team members while upholding regulatory requirements.