Rakuten | Security Engineer


Penetration Tester, Red Team Exercises - Cyber Security Defense Department (CSDD)

    Security Engineer|Rakuten
    Security Engineer|Rakuten
    Security Engineer|Rakuten

Job Summary


Japan, Tokyo
Partial remote
Apply from Anywhere

Language requirements

English: Business
Japanese: Not required

Key skills

  • Python
  • Ruby

Job Description

Job role

Security Engineer

Job description

Department Overview
In Rakuten Group, the security and safety of the Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Why We Hire
Team expansion due to the increased demand for the work and the scope expansion.

Position Details
As a member of CSDD Red Team Operations Section, you will execute offensive security activities and penetration tests against wide variety of systems. You will be challenged with various projects in different aspects of security, while working with other peer engineers. Expected tasks ranging from but not limited to:

- Performing threat-led penetration testing,
- Investigation & research on the latest TTPs (Tools, Techniques, Procedures) to emulate cyberattacks, 
- Work with the Blue Team to analyze the response capability and find room for improvement
- Provide remediation suggestions for system operation/development teams.

You will develop novel attack techniques against new and existing products & deliver high-quality risk reporting outputs for stakeholders across Rakuten group companies.

- Lead the planning, execution and quality control of Penetration Testing/Red Team engagements
- Work with the Blue Team to analyze the response capability, find room for improvement, and provide actionable recommendations
- Understand the requirements of potential target systems, organizations, businesses, and suggest appropriate assessment methodologies
- Identify potential threat actors and TTPs with attack scenarios based on the target profile
- Stay Informed and Research on new and emerging Adversaries, TTPs, and maintain industrial-leading skills and toolset for testing
- Demonstrate cybersecurity risk, document findings, and provide remediation recommendations and mitigation strategies
- Develop and present accurate and comprehensive reports for both non-technical and technical audiences, including leadership
- Join evaluation and integration projects for security solutions
- Perform technical analysis, testing, demonstration on new exploit codes
- Answer cyber security questions, and support other teams as a technical consultant

Required skills and experiences

Basic qualifications

- Minimum 3 years of experience in IT/Information Security related fields
- 2+ years of experience in Web/Mobile/Network Penetration Testing
- Understanding of the core concepts of web/mobile application and security issues
- Proficient in one or more scripting languages, ex: Python, Ruby
- Proven knowledge of network and web application protocols
- Familiarity and knowledge of Active Directory concepts
- Strong teamwork capability in a diverse team environment
- Strong verbal and written communications skill
- Strong ownership and sense of responsibility

Preferred qualifications

- Experience in Web/Mobile application development
- Experience in using major web frameworks
- Experience with red teaming and common TTPs (Tactics, Techniques and Procedures)
- Experience with at least one major commercial cloud environment
- Experience in a diverse workplace, and work well in a team environment
- Holder of any security-related certifications, e.g. OSCP/OSCE, CRTO

Job Details

Employment typeFull-time
LocationRakuten Crimson House, 1-14-1 Tamagawa, Setagaya-ku, Tokyo158-0094
(1 min walk from Futakotamagawa Station on the Denentoshi Line)
Apply fromAnywhere
Remote workPartial remote
Working hours9:00am - 5:30pm (Every Monday, work hours are from 8:00am to 4:30pm due to morning meeting)
Holidays・2 days off per week (Saturdays, Sundays, and national holidays are holidays)
・10-20 days of annual paid vacation (the minimum number of days is the number of days granted after six months of employment)
・120 days off per year
In addition, year-end and New Year vacations, paid vacation, congratulation or condolence leave, maternity and paternity leave, etc.
*Once a year, you can take 9 to 12 consecutive holidays by using the long vacation (Success Vacation) system.
Employee benefits・Commuting allowance
・Housing allowance
・Health insurance
・Employee pension insurance
・Unemployment insurance
・Workers' accident compensation insurance
・Retirement allowance system
Supplemental education and qualification support
・English learning support (in-house TOEIC(R) test IP test, English conversation, etc.)
・Career challenge system (challenge the department of your choice)
・Job return system (rehiring system for those who retired due to marriage, childbirth, nursing care, etc.), etc.
・Stock Option Plan
・Cafeteria system with three free meals
・LILO Club (preferential treatment at sports clubs, accommodations, leisure facilities, movie theaters, etc.)
・LILO Club (sports clubs, lodging, leisure facilities, movie theaters, etc.) (Running, mountain climbing, cooking, etc., part of the expenses paid by the company)
・Reward system
・Free English conversation lessons by native English speakers
・Support system for certification acquisition
・Qualification support system, etc.
You must agree to the terms and conditions and the privacy policy