DevSecOps engineer at Ford ensuring secure software development and compliance with security standards. Collaborating with teams to embed security practices and assess vulnerabilities in software delivery.
About the role
- Information Security Engineer supporting Mercari’s US business from Tokyo, bridging teams in Japan and US.
Responsibilities
- Support Mercari’s US business from Tokyo and act as a technical bridge between Mercari US and Japan-based teams across security, engineering, and corporate functions.
- Partner closely with US security leadership to drive tactical execution, coordinate operational work, and help ensure that US business requirements are reflected in Mercari’s security controls and processes.
- Serve as a technical representative for Mercari US and coordinate with teams across security operations, vulnerability management, enterprise security, platform security, and related functions.
- Translate US security priorities, technical requirements, and governance/compliance needs into actionable implementation plans, control improvements, and remediation tasks.
- Drive follow-through on security work that impacts the US business, including detection and response workflows, vulnerability management, hardening activities, and security control validation.
- Partner with engineering teams to review architectures, identify security gaps, and improve the security of applications, cloud environments, networks, endpoints, identity systems, and supporting infrastructure.
- Help define and improve security standards and technical controls across areas such as IAM, endpoint security, logging and monitoring, DLP, network security, cloud security, and AI-enabled workflows.
- Build and maintain automation, integrations, dashboards, and reporting mechanisms that reduce manual effort and improve operational visibility, accountability, and speed.
- Support threat modeling, risk assessments, and security reviews for systems, projects, and business initiatives relevant to Mercari’s US business.
- Support audit and compliance-related activities by helping translate requirements into technical controls, evidence, remediation plans, and operational improvements.
- Communicate risks, trade-offs, and status clearly to stakeholders in Japan and the US, and drive progress through technical credibility, ownership, and strong cross-functional collaboration.
Requirements
- Bachelor’s degree or equivalent practical experience in cybersecurity, computer science, information systems, or a related field.
- Strong understanding of core security concepts such as least privilege, defense in depth, authentication and authorization, network segmentation, incident response, and secure system design.
- Hands-on experience in multiple security domains, such as security operations, vulnerability management, IAM, endpoint security, network security, cloud/platform security, enterprise security, or application security.
- Ability to understand and discuss security, IT, networking, infrastructure, and software engineering topics with specialists across different teams.
- Experience partnering with engineering or operational teams to design, implement, or improve technical security controls.
- Experience programming or scripting with one or more languages, such as Python, Go, or JavaScript, and familiarity with shell scripting and automation workflows.
- Familiarity with modern engineering and operations practices, including Git, CI/CD, Infrastructure as Code, and ticket-driven workflows.
- Experience using common security platforms such as SIEM, EDR, IAM, vulnerability scanners, cloud security services, or similar tools.
- Experience performing technical risk assessments, threat modeling, or security reviews and driving remediation with partner teams.
- Basic understanding of AI/LLM security risks and common control themes for enterprise AI tools or agentic workflows.
- Strong written and verbal communication skills and the ability to collaborate effectively in a diverse environment.
- Experience in a role that bridged security and engineering across regional or global organizations. (preferred)
- Experience working with US-based stakeholders, companies, or business operations, with an understanding of US security governance, audit, or compliance expectations. (preferred)
- Experience supporting US regulatory, audit, or governance requirements such as PCI DSS, privacy, SOC 2, SOX-related controls, or similar frameworks. (preferred)
- Experience with enterprise security technologies such as Okta, MDM, EDR, DLP, email security, or device management platforms. (preferred)
- Experience with cloud and platform security in environments using AWS, GCP, Azure, containers, or modern developer platforms. (preferred)
- Experience collaborating closely with SOC functions, incident response, threat detection, or attack-based hardening activities. (preferred)
- Experience building security automation, integrations, metrics, or dashboards that improve operational visibility and execution speed. (preferred)
- Familiarity with AI security guidance such as OWASP AI/LLM Top 10, OWASP guidance for agentic applications, NIST AI RMF, or similar frameworks. (preferred)
- Ability to communicate in Japanese in a business environment. (preferred)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Security Officer responsible for ensuring safety and security at the Genesee Brewing Company. Monitoring premises, responding to emergencies, and providing visitor assistance during shifts.
Security Estimator creating estimates and proposals for security projects at LINX. Collaborating with engineering and sales teams for system design and client relationships.
Product Security Architect at Expedia designing secure architecture for services and APIs. Collaborating with teams to guide secure practices and integrate AI - driven solutions.
IT Security Officer overseeing information security for a specific IT sector at Desjardins. Collaborating with cross - sector teams and managing information security risks and vulnerabilities.
Associate, Information Security professional at Santander focusing on Vulnerability Management and network security exposure. Collaborating with teams to enhance security posture and manage technology risks.
IAM Security & Technology Governance person driving IAM technical program with cutting - edge technology to improve security posture at MUFG. Manage IAM requirements, standards, governance and solutions across global implementation.
Senior Analyst in Mastercard's newly created Vocalink Control Office supporting control testing across Security domains. Ensuring a strong control environment and identifying gaps for improvement.
Senior Analyst focusing on Information Security and Compliance at Cirque du Soleil. Engaging in threat analysis and improvement of security tools and processes, within a creative company culture.
Security Architect designing and implementing cybersecurity architectures for UK Defence projects. Collaborating with stakeholders to safeguard client data against cyber threats.