DFIR Manager, Security Operations Center Section -Cyber Defense Operations Department (RMI Security Eng. & Ops Div)

Job Description:

About Organization

Rakuten Mobile, Inc. is an entity established for the launch of its mobile carrier business as an MNO (Mobile Network Operator.) We aim to provide the most competitive and convenient service to meet our customer needs and demands via the innovative use of technology. Defining future world-standard innovations in the MNO industry, we continually challenge ourselves and capabilities. We are looking for talented individuals who are interested in working with us to create and deliver world class solutions.

The team is looking for a highly technical individual to support our growing team in Japan and build a world class SOC/DFIR capability. As a member of our team, you will be responsible for managing and leading a team of 15 individuals for the Security Operations Center (SOC) and Digital Forensics & Incident Response (DFIR) team members located in Japan and India. The role is responsible for ensuring security monitoring and incident response for the 4G/5G mobility network for Rakuten Mobile in Japan.

Job Duties

Actively investigate security events and manage incident response and digital forensic investigations across a range of computing environments, networks, platforms, and applications, including Windows, Linux-based operating systems, Mobile Devices, Kubernetes, public cloud software-as-a-service applications, and inhouse hosted infrastructure-as-a-service platforms.

Roles & Responsibilities:

• Lead a team of 15 members and coordinate the response to cybersecurity incidents, ensuring timely and effective resolution.

• Proactively conduct threat hunting exercises and perform security triage and forensic analysis of compromised computing environments and systems including Windows, Linux, Mac OS , network, and mobile devices.

• Forensically analyze end user systems and servers found to have possible indicators of compromise.

• Perform analysis of firewall, web, database, system, network, and other log sources to identify evidence and artifacts of malicious and compromised activity.

• Collect and analyze data to identify cyber security flaws and vulnerabilities and make recommendations that enable prompt remediation.

• Perform memory forensics and binary file analysis as needed.

• Work closely with Threat Intelligence and Detection Engineering teams to ensure robust detective and preventative measures are in place to identify emerging threats.

• Investigate and analyze malicious code and/or malware by performing malware analysis.

• Develop and maintain incident response and forensic activity plans, runbooks, and other preparedness documentation.

• Coordinate with server owners, system custodians, and IT/Network contacts to pursue security incident response activities, including obtaining access to systems, digital forensic artifact collection, and containment and/or remediation actions.

• Develop and maintain IR script repository to support automated forensic artifact collection and analysis.

• Provide support to prepare cyber security incident investigation report.

• Identify and propose areas for improvement within the Incident Response team.

• Availability during nights/weekends as needed for DFIR activities.

• Conduct research and development on cyber security incidents and mitigations.

• Collaborate with others in the Security Operations department to develop and implement innovative strategies for monitoring and preventing attackers.

Minimum Qualifications

• Bachelor’s degree in Computer Science or related field.

• 10-14 years of experience in Digital Forensics and Incident Response performing Incident Triage, Investigation, Evidence collection, analysis, and reporting.

• Experience managing teams across multiple geographic locations.

• Good understanding of data collection and preservation principles.

• Understanding of file system, file types, encodings, encryptions, drive structures, etc.

• Proficient in the use of forensic tools such as FTK, EnCase, Axiom, X-Ways, Volatility, etc.

• Experience with various forensic log artefacts found in SIEM logs, Firewall logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs.

• Prior experience using SIEM/EDR/XDR products (e.g., Splunk, QRadar, Crowdstrike, Carbon Black, Sentinel One, Tanium, Trend Micro, others) to investigate threats and perform triage activities.

• Must have experience with scripting/programming in at least one language (e.g., Go, Python, PowerShell).

• Microsoft Azure and/or Office 365 platform knowledge and experience.

• Applicable GIAC Certifications such as OSCP/E, GNFA, GCFE, GCFA, or GREM.

• Must possess strong experience in security engineering and network technologies, Operating Systems and network security, common attack patterns and exploitation techniques.

• Must possess an understanding of all aspects of incident response and digital forensics, evidence handling procedures, conducting, and managing cyber investigations and case management.

• Understanding of common threat actor techniques (Mitre Att&ck), malware behavior and persistence mechanisms.

• Ability to analyze and solve complex technical problems.

• Must be able to complete multiple tasks under scheduled deadlines.

• Must be willing to participate in on-call rotation and work after hours as needed.

• Ability to influence decision makers with data and objective analysis.

• Must possess strong oral and written communication, analytical, and problem-solving capabilities as well as excellent judgment and self-motivation.

• Must have a passion for research and uncovering the unknown about cyber security threats and threat actors.

Preferred Qualifications

• Familiarity with Public Cloud platforms (GCP/AWS/Azure).

• Knowledge of Containerization, Kubernetes, Docker is a plus.

• Experience working in Telecom (MNO/MVNO) sector is preferable, but not required.

Languages: