【Department Overview】
In Rakuten Group, the security and safety of the Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.


【Why We Hire】
To enhance Rakuten’s cyber security organization

【Key responsibilities】

The ideal candidate is expected to handle cyber security tasks with not limited to but including the followingresponsibilities:

- Conduct real-time analysis of malware campaigns, threat actors, and known attack vectors to detect andreport potential threats

- Use security incident and event management (SIEM) tools to manage events, alerts, and logs related to security incidents

- Deliver detailed technical reports of findings to management with recommended action plans and countermeasures as appropriate

- Establish and maintain incident response plans, playbooks, and procedures

- Respond to security incidents, including leading response activities and coordinating with cross-functional teams and third-party partners when necessary

- Assist in information and intelligence sharing with internal and external stakeholders

- Maintain situational awareness of the global threat landscape as well as the overall industry trends and advancements

- Continuously research and evaluate security trends, threats, and emerging technologies to provide proactive and agile responses to emerging threats

- Familiarity with regulatory frameworks, such as NIST, CIS and ISO standards

- Understand key threat actors and their tools, tactics, techniques and procedures (TTPs) to ensure that testing scenarios simulate real-world scenarios

- Stay up-to-date with the latest security technologies and trends and identify opportunities to improve security architectures and processes

- Develop, implement and maintain custom signatures, rules, and policies for intrusion and anomaly detection, utilizing network, endpoint and application data sources

- Create, refine and prioritize detection use-cases and threat scenarios

- Analyze system and network data to identify potential indicators of compromise (IOCs)

- Perform regular reviews and updates of SIEM rules and threat intelligence to ensure the latest threats are included in detection

- Continuously test and tune detection rules and methods to improve detection accuracy, reduce false positives and false negatives

【Minimum Qualifications】

- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems or in a related field

- 7 years of experience in incident response, cyber threat intelligence or security operations center (SOC)

- Expert level knowledge of cyber threats and attack vectors, malware delivery and command and control (C2) mechanisms

- Proven experience in handling various cyber threats including, ransomware, APTs, social engineering, and DDoS attacks

- Strong experience with SIEM tools, forensics, and malware analysis

- Ability to work under pressure and multitask in a fast-paced environment

- Strong knowledge of threat intelligence and the ability to effectively simulate advanced attacks

- Strong understanding of security frameworks such as NIST, CIS, and ISO 27001

- Excellent verbal and written communication skills; ability to convey complex technical information to nontechnical stakeholders

【Preferred Qualifications】

- Related professional certifications such as CISSP, GCIA, GCIH, GPEN, or CEH.

- Experience with Purple Team testing methodologies, including automated testing tools and techniques

1. When applying for this position, please also attach your English resume (word/pdf).

2. The interview will be conducted entirely in English.