Rakuten | Security Engineer

Security Engineer

Department Overview
In Rakuten Group, the security and safety of the Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Why We Hire
Team expansion due to the increased demand for the work and the scope expansion.

Position Details
As a member of CSDD Red Team Operations Section, you will execute offensive security activities and penetration tests against wide variety of systems. You will be challenged with various projects in different aspects of security, while working with other peer engineers. Expected tasks ranging from but not limited to:

- Performing threat-led penetration testing,
- Investigation & research on the latest TTPs (Tools, Techniques, Procedures) to emulate cyberattacks, 
- Work with the Blue Team to analyze the response capability and find room for improvement
- Provide remediation suggestions for system operation/development teams.

You will develop novel attack techniques against new and existing products & deliver high-quality risk reporting outputs for stakeholders across Rakuten group companies.

Responsibilities
- Lead the planning, execution and quality control of Penetration Testing/Red Team engagements
- Work with the Blue Team to analyze the response capability, find room for improvement, and provide actionable recommendations
- Understand the requirements of potential target systems, organizations, businesses, and suggest appropriate assessment methodologies
- Identify potential threat actors and TTPs with attack scenarios based on the target profile
- Stay Informed and Research on new and emerging Adversaries, TTPs, and maintain industrial-leading skills and toolset for testing
- Demonstrate cybersecurity risk, document findings, and provide remediation recommendations and mitigation strategies
- Develop and present accurate and comprehensive reports for both non-technical and technical audiences, including leadership
- Join evaluation and integration projects for security solutions
- Perform technical analysis, testing, demonstration on new exploit codes
- Answer cyber security questions, and support other teams as a technical consultant

- Minimum 3 years of experience in IT/Information Security related fields
- 2+ years of experience in Web/Mobile/Network Penetration Testing
- Understanding of the core concepts of web/mobile application and security issues
- Proficient in one or more scripting languages, ex: Python, Ruby
- Proven knowledge of network and web application protocols
- Familiarity and knowledge of Active Directory concepts
- Strong teamwork capability in a diverse team environment
- Strong verbal and written communications skill
- Strong ownership and sense of responsibility

- Experience in Web/Mobile application development
- Experience in using major web frameworks
- Experience with red teaming and common TTPs (Tactics, Techniques and Procedures)
- Experience with at least one major commercial cloud environment
- Experience in a diverse workplace, and work well in a team environment
- Holder of any security-related certifications, e.g. OSCP/OSCE, CRTO