Security Manager - Offensive Security Section, Cyber Security Defense Department (CSDD)

Job Description:

Business Overview

In Rakuten Group, the security and safety of the internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group. 

Department Overview

Our mission is to proactively identify and mitigate cyber security risks across the Rakuten Group. We achieve this by conducting comprehensive security audit for internal development teams (pre-release and annual security audit), providing actionable advice for remediation, establishing group-wide security testing standards as the HQ security testing team, and offering security testing services to our subsidiaries. We are evolving our approach by mandating automated scanning as a primary step, followed by targeted manual testing for areas not covered by automation, aiming to streamline the release process and enhance efficiency.

Position:

Why We Hire

Team expansion due to the increased demand for the work and the scope expansion. 

Position Details

We are seeking a highly motivated and experienced Security Manager to lead a new group within our Offensive Security Section. This role is pivotal in ensuring that Rakuten's services meet the highest expected security standards. The Security Manager will work closely with development teams to drive and effectively integrate security best practices throughout the Secure SDLC. This position requires strong leadership in reviewing and testing new and existing services, providing high-quality advice on vulnerabilities, potential issues, and their remediation to relevant stakeholders. As a manager, you will be responsible for understanding the overall security posture of Rakuten, and for building efficient processes and governance models for providing necessary advice and guidance.

Responsibilities include:

- Lead, mentor, and manage a team of security engineers/analysts within the newly formed group, fostering a culture of continuous learning, innovation, and high performance.

- Define team objectives, manage workloads, and ensure timely and high-quality delivery of security assessments and services.

- Conduct performance reviews, provide constructive feedback, and support career development for team members.

Mandatory Qualifications:

- 5+ years of experience in Cyber security, with at least 2+ years in a leadership or management role focused on offensive security, penetration testing.

- Proven experience in web application security, mobile application security, API security, and/or network security.

- Strong understanding of Secure SDLC principles and experience integrating security into development pipelines.

- Deep knowledge of common vulnerabilities (e.g., OWASP Top 10) and various attack vectors.

- Excellent analytical, problem-solving, and communication skills, with the ability to articulate complex security issues to both technical and non-technical audiences.  

Desired Qualifications:

- Industry certifications such as OSCP, OSWE, CISSP, CISM, or similar.

- Experience with automated security scanning tools (SAST, DAST, SCA).

- Experience in a large-scale, global enterprise environment.

- Familiarity with cloud security (AWS, Azure, GCP).

- Experience in designing and implementing security governance frameworks.

- Business Level English (TOEIC 800 or above)

- Strong command of both Japanese (written and verbal).

#engineer 

#securityengineer 
#technologymanagementdiv