Rakuten | Project Manager

Project Manager

Department Overview
In Rakuten, security and safety of the Internet services of our group are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the Secure Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Why We Hire
To enhance Rakuten’s cyber security organization

Position Details
This is a position to engage in cyber defense for Rakuten commercial services and corporate IT systems in order to enable “Internet World Peace”.

As core member of Rakuten-CERT, you will be expected to lead protecting our services and customers thoroughly.
- Build and maintain strategies for cyber security monitoring and incident response
- Lead Rakuten-CERT, which is the official CSIRT of Rakuten Group, Inc.
- Manage Blue Team and defend Rakuten services and IT systems from advanced cyber attacks and crimes
- Enable integrated cyber defense connecting private SOC and cyber threat intelligence
- Contribute improvement of cyber resilience in the organization and industry through the development of cyber professionals

- Over 7 years of professional experience in information security field
- Operational experience in cyber security such as security monitoring, incident responses, digital forensics, or cyber threat intelligence
- At least 3 years of team management experience with service delivery and budget management
- Implementation experience of defensive controls at actual cyber attack/crime cases (regardless of scale)
- Understanding of the core concepts of web/mobile application and vulnerability fixture process
- Experience in vulnerability management, 0-day response
- Understanding of network and web application protocols
- Strong teamwork capability in a diverse team environment
- Excellent consultation, problem-solving, communication, and interpersonal skills to build trust and consensus with stakeholders
- Strong ownership and sense of responsibility

- Experience in Web service development, implementation/operation at corporate IT or cloud-native system infrastructures
- Incident response experience in cyber attacks or cyber crimes at large-scale services
- Experience in CSIRT or vulnerability management team
- Experience in a diverse workplace, and working well in a team environment
- Experience in vendor contract management, security strategy planning with multiple IT products
- Experience in implementation or support for compliance and security requirements such as PCI DSS or FISC
- Holder of any security-related certifications, ex: Security+, GIAC, OSCP/OSCE, SSCP