Rakuten | Security Engineer


Product Security Engineer - Cyber Security Defense Department (CSDD)


Job Summary


Japan, Tokyo
Partial remote
Apply from Anywhere

Language requirements

English: Business
Japanese: Business

Key skills

  • Python
  • Ruby
  • Cyber security

Job Description

Job role

Security Engineer

Job description

Department Overview
In Rakuten Group, the security and safety of Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the Secure Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.  

Why We Hire
Team expansion due to the increased demand for the work and the scope expansion.

Position Details
As a member of the CSDD Product Security Team, you will work closely with development teams to ensure Rakuten's products meet the expected security level by promoting effective integration of security best practices through the Secure SDLC (Software/System Development Life Cycle). You will be expected to review and test new and existing products and deliver high-quality vulnerability and remediation reports for stakeholders across Rakuten Group companies.

- Understand business requirements and define security requirements accordingly.
- Propose, design, and implement security solutions and controls in accordance with security policies, regulations, and security best practices.
- Stay informed of new and emerging cyber threats and evaluate their impact on Rakuten group.
- Interface with other technical departments such as application development, infrastructure, and ID management.
- Review product security design using established techniques, such as document-based review and threat modeling.
- Review application source code and infrastructure configuration to find vulnerabilities. 
- Perform automated and manual application penetration testing on Web, Mobile applications, APIs, and desktop applications to find vulnerabilities. 
- Report findings (vulnerabilities) with a summary, impact, and remediation recommendations in a written professional report, and verbal explanations to stakeholders.
- Integrate security scanners into CI/CD pipelines for automating security testing. 
- Develop automated tools and techniques to maximize efficiency in security operations.
- Provide security training for developers on security best practices. 
- Maintain technical security-related policies, regulations, and guidelines, and maintain compliance.

Required skills and experiences

Basic qualifications

- Minimum 3 years of experience in Cyber Security related fields. 
- 2+ years of experience in web/mobile application security assessment. 
- Understanding of the core concepts of web/mobile applications and security issues.
- Proven knowledge of network and web application protocols.
- Proficient in one or more scripting languages, e.g., Python, Ruby.
- Strong teamwork capability in a diverse team environment.
- Strong verbal and written communication skills. 
- Strong ownership and sense of responsibility. 

Preferred qualifications

- Knowledge of security best practices and frameworks such as NIST, OWASP, CIS, etc. 
- Knowledge of industry-standard authentication technologies, including OAuth, OpenID, SAML, FIDO, etc.
- Knowledge of cryptography and secret management. 
- Experience in Web/Mobile application development using major frameworks. 
- Experience in risk assessment, threat modeling, and security code review. 
- Experience in implementing security scanners (SAST, DAST, SCA, etc.) into CI/CD pipelines using commercial and open-source tools. 
- Experience in provisioning security awareness, training and education. 
- Experience with at least one major commercial cloud environment such as AWS/Azure/GCP and knowledge of cloud security and infrastructure such as Infrastructure as Code (IaC), containers (Docker), and orchestration (Kubernetes).
- Holder of any security-related certifications, e.g., GIAC, OSCP/OSCE, SSCP, CCSP, CISSP, and public cloud providers' certifications.

Job Details

Employment type: Full-time
Location: Rakuten Crimson House, 1-14-1 Tamagawa, Setagaya-ku, Tokyo 158-0094
(1 min walk from Futakotamagawa Station on the Denentoshi Line)
Apply from: Anywhere
Remote work: Partial remote
Working hours: 9:00am - 5:30pm (Every Monday, work hours are from 8:00am to 4:30pm due to morning meeting)
Holidays
・2 days off per week (Saturdays, Sundays, and national holidays are holidays)
・10-20 days of annual paid vacation (the minimum number of days is the number of days granted after six months of employment)
・120 days off per year
In addition, year-end and New Year vacations, paid vacation, congratulation or condolence leave, maternity and paternity leave, etc.
*Once a year, you can take 9 to 12 consecutive holidays by using the long vacation (Success Vacation) system.
Employee benefits
・Commuting allowance
・Housing allowance
・Health insurance
・Employee pension insurance
・Unemployment insurance
・Workers' accident compensation insurance
・Retirement allowance system
Supplemental education and qualification support
・English learning support (in-house TOEIC(R) test IP test, English conversation, etc.)
・Career challenge system (challenge the department of your choice)
・Job return system (rehiring system for those who retired due to marriage, childbirth, nursing care, etc.), etc.
・Stock Option Plan
・Cafeteria system with three free meals
・LILO Club (preferential treatment at sports clubs, accommodations, leisure facilities, movie theaters, etc.)
・LILO Club (sports clubs, lodging, leisure facilities, movie theaters, etc.) (Running, mountain climbing, cooking, etc., part of the expenses paid by the company)
・Reward system
・Free English conversation lessons by native English speakers
・Support system for certification acquisition
・Qualification support system, etc.