Security Engineer - Offensive Security Section, Cyber Security Defense Department (CSDD)

Job Description:

Department Overview

In Rakuten Group, the security and safety of the Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Position:

Why We Hire

Team expansion due to the increased demand for the work and the scope expansion. 

Position Details

As a member of the CSDD Offensive Security Section, you will work with development teams to ensure Rakuten's products meet the expected security level.  You will be expected to review new and existing products and deliver high-quality risk reports for stakeholders across Rakuten group companies. 
 

Responsibilities

- Understand business requirements and define security requirements accordingly

- Understand security policies, regulations, and security best practices, and propose, design, and implement security solutions and controls

- Understand the latest cyber threats and evaluate their impact on Rakuten Group and related systems

- Review application source code and infrastructure configurations to discover vulnerabilities

- Conduct automated and manual application penetration testing for web, mobile applications, APIs, and desktop applications to discover vulnerabilities

- Present findings (vulnerabilities) in written reports and verbally to stakeholders, explaining the summary, impact, and remediation recommendations.

Mandatory Qualifications:

- 3+ years of experience in Cybersecurity related fields 

- 2+ years of experience in Web or Mobile application security assessment

- Understanding of the core concepts of web/mobile application security issues  

- Proficient in one or more scripting languages, e.g. Python, Ruby  

- Proven knowledge of communication and data exchange protocols used in networks and web applications

- Strong leadership skills and teamwork capability in a diverse team environment  

- Strong verbal and written communications skill  

- Strong ownership and sense of responsibility  

Desired Qualifications:

- Experience in Web/Mobile application development  using major frameworks.

- Experience using major commercial cloud environments such as AWS/Azure/GCP, and knowledge of cloud security and infrastructure such as Infrastructure as Code (IaC), containers (Docker), and orchestration (Kubernetes)

- Ability to communicate in Japanese
 

#technologymanagementdiv #engineer #securityengineer