Senior Penetration Tester - Red Team Operations Group, Offensive Security Section (CSDD)

Job Description:

Department Overview

The Cyber Security Defense Department (CSDD) is responsible for the security and safety of the Internet services of Rakuten Group Inc. CSDD covers all aspects of the Secure Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Position:

Why We Hire

The Cyber Security Defense Department’s Red Team Operations Group is looking for a Senior Penetration Tester. The successful candidate will lead and perform various types of Offensive Security activities such as Penetration Testing and Red Team Engagements and will also be involved in developing and managing the Red Team’s resources such as tooling, infrastructure, etc. This role also entails close collaboration with key stakeholders to ensure that Rakuten Group’s security vulnerabilities are appropriately mitigated and its detection capabilities continuously improved.

Position Details

You will be part of a diverse and passionate team of Offensive Security Experts, always looking for a way to get in but also for the best way to mitigate their findings. As cybersecurity professionals, we believe continuous growth and training are necessary to maintain up-to-date skills, so you will have many opportunities to level up your skills. Finally, Rakuten Group’s unique ecosystem will give you the chance to perform Penetration Testing and Red Team Engagements on a wide variety of technologies, applications and infrastructures.

Key Responsibilities:

- Lead and Perform Penetration Testing activities on web applications, networks, mobile applications, and other systems.

- Lead and Perform Red Team exercises to simulate the latest sophisticated attack scenarios.

- Collaborate with the Blue Team and IT Administrators to improve Rakuten Group’s detection and defensive capabilities.

- Produce high-quality reports and deliverables catered to technical and non-technical audiences.

- Contribute to the Red Team’s knowledge and tooling base by investigating the latest Offensive Security tactics and techniques and developing tools and scripts.

- Actively contribute to the administration, management, and continuous improvement of the Red Team’s infrastructure.

- Provide mentorship and training to junior team members.

Mandatory Qualifications:

- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Minimum of 3-5 years of experience in penetration testing and red teaming.
- Minimum of 3-5 years of experience in performing EDR evasion.
- Minimum of 3-5 years of experience in using, administering, and automating Offensive Security Infrastructure,
- Proficiency in scripting and programming languages (e.g., Python, PowerShell, Bash).
- Familiarity with various operating systems (Windows, Linux, macOS) and network protocols.
- Relevant certifications such as OSCP, OSCE, GPEN, GXPN, CRTO, GCFA, GCIH

Desired Qualifications:

- Experience performing Offensive Security testing against cloud environments (AWS, GCP, Azure).

- Experience or interest in performing Offensive Security testing against Generative AI systems and Large Language Models (LLMs).

- Familiarity with regulatory requirements and standards (e.g., GDPR, HIPAA, PCI-DSS).

- Fluent Japanese

#engineer
#securityengineer
#technologymanagementdiv