JD in Japanese follows. JD
Introduction
Circulate all forms of value to unleash the potential in all people
"What can I do to help society thrive with the finite resources we have?" The Mercari marketplace app was born in 2013 out of this thought by our founder Shintaro Yamada as he traveled the world. We believe that by circulating all forms of value, not just physical things and money, we can create opportunities for anyone to realize their dreams and contribute to society and the people around them. Mercari aims to use technology to connect people all over the world and create a world where anyone can unleash their potential.For more information about Mercari Group’s mission, see Mercari's Culture Doc.
Equal Opportunity Hiring
Here at Mercari, we work to realize a world in which no one’s potential is limited by their background and everyone has the opportunity to freely create value. We also firmly believe that a mindset of Diversity amp; Inclusion is essential for us to achieve our mission.
This, of course, extends to our hiring practices as well. Mercari is committed to eliminating discrimination based on age, gender, sexual orientation, race, religion, physical disability, and other such factors so that anyone who shares our mission and values can join us, regardless of their background. For more details, please read our Damp;I Statement.
Position Overview
Work Responsibilities
- As a member of Mercari’s SOAR/SOC team you will be responsible for monitoring, investigating, and analysing security event logs to protect Mercari’s production and corporate infrastructure. You will work together with other security engineers to build on and improve monitoring rules for Mercari’s log platform and in-house SOAR system by writing workflows as code to automate remediation and incident response, conduct forensics as part of Mercari’s incident response team, and take on other initiatives to improve Mercari’s overall security posture.
- Key Responsibilities:
- Monitoring security events and responding to security incidents (log aggregation, investigation, analysis, reporting, etc.)
- Building on Mercari’s log analysis platform, improving monitoring rules, and automating security operations through further developing Mercari’s in-house SOAR system
Bold Challenges
- Use the latest technologies to conduct deep analysis of logs and propose and create your own solutions for automated response
- As a member of the SOC work together with Mercari’s CSIRT to fight incidents on the front line
- Work with the cutting edge and complex cloud infrastructure systems that support Mercari and Merpay’s services
- Deal with a vast arrays of data, logs, and dependencies, and take the initiative to automate
- Work with a diverse team of experts with a wide range of experience in security
Exciting challenges you will be able to tackle on the job
- Enrich team performance through the orchestration and automation of operational efforts through programming and development of scripts and playbooks
- Utilize API based automation to enhance incident response lifecycle automation, security automation, threat intelligence and threat hunting
Required Experience
- Understanding and empathy for the mission and values of Mercari
- Experience coding to develop tools / automate processes in at least one programming language - Go, Python, Node.js, Java, etc.
- Analyzing security event logs for anomalies and/or experience responding to security incidents as part of a CSIRT
- In-depth knowledge of IT infrastructure (in particular cloud-based infrastructure) - cloud based technologies, container-based applications, networks, servers, authentication, directory services, endpoint management, etc.
Preferred Experience
- Using SQL to conduct log investigations using data analytics platforms such as BigQuery
- In-depth knowledge/experience in at least one major domain of both security and computer science
- Conducting security analysis (penetration testing, web application security testing, vulnerability testing, threat modelling, etc.)
- Understanding of version management, IDE, CI/CD tools and other tools related to the software development process
- Practical understanding of microservice architecture, Docker, Kubernetes, and container orchestration, etc.
- Using cloud based infrastructure (GCP, AWS, etc.)
- Certification / experience in digital forensics and incident response (DFIR)
Recruitment process
- CV screening
- Technical test
- Interview(3 - 4 times)
- Reference check
- Offer
*We will decide based on the feedback on the final interview