Rakuten

Cyber Security Monitoring Infrastructure Architect (CSDD)

Tokyo, Japan
Kubernetes API Python PowerShell AWS Azure GCP Docker
Description

Job Description:

Department Overview

In Rakuten Group, the security and safety of the Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.


Position:

Why We Hire

Team expansion due to increased demand for the work and an expanded scope.


Position Details

As a member of the CSDD, you will be responsible for the high-level design, implementation, and maintenance of cyber security monitoring systems. This role requires a deep understanding of SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and other core technologies, as well as the cyber security landscape and attack tools, tactics and procedures. You will work closely with various teams to ensure that our monitoring solutions align with business needs, address cyber security challenges, and maintain high availability and operational efficiency.


Responsibilities

- Understand business requirements and define security monitoring requirements accordingly.

- Design and architect comprehensive cyber security monitoring systems utilizing SIEM, SOAR, and other relevant technologies based on the criticality and risk of the business function.

- Implement and configure monitoring systems to meet organizational security requirements.

- Maintain and enhance the operational efficiency of monitoring systems, ensuring high availability and performance.

- Troubleshoot and resolve issues related to monitoring infrastructure.

- Integrate on-premise and cloud-based solutions to create a cohesive monitoring environment.

- Collaborate with other cyber security teams to ensure seamless integration and operation of monitoring systems.

- Develop and maintain documentation for system architecture, configurations, and operational procedures.

- Stay current with emerging technologies and industry best practices to continuously improve the monitoring infrastructure.

- Engage with stakeholders to understand business objectives and align monitoring solutions with organizational goals.

- Provide insights and recommendations to improve the overall security posture based on monitoring data and trends.

- Understand and apply frameworks such as MITRE ATT&CK to identify and mitigate common cyber security attack TTPs (Tactics, Techniques, and Procedures).

- Prepare and present detailed reports and presentations to stakeholders, explaining technical concepts, findings, and recommendations in a clear and concise manner.

- Provide incident response (IR) support as needed.

- Continuously improve monitoring to keep false positives and false negatives low.


Mandatory Qualifications:

- 8+ years of experience in cybersecurity-related fields.

- Proven experience in designing, implementing, and maintaining SIEM and SOAR systems.

- Strong understanding of cyber security principles, challenges, and best practices.

- Experience with both on-premise and cloud-based security solutions and integrations.

- Proficiency in troubleshooting and resolving technical issues related to monitoring systems.

- Excellent communication and collaboration skills, with the ability to articulate technical concepts to non-technical stakeholders.

- Strong leadership skills and teamwork capability in a diverse team environment.

- Strong verbal and written communication skills.

- Strong ownership and sense of responsibility.

- Knowledge of frameworks such as MITRE ATT&CK and common cyber security attack TTPs.

- Excellent documentation and presentation skills, with the ability to create and deliver detailed reports and presentations to various stakeholders.

- Good knowledge of the API integrations required for log source connectivity to SIEM and SOAR platforms, as well as back-end integrations like Syslog and Logstash for the SIEM infrastructure.

- Knowledge of performing Threat Modeling to understand potential risks.


Desired Qualifications:

- Experience with specific SIEM and SOAR platforms (e.g., Splunk, IBM QRadar, Palo Alto Cortex XSOAR).

- Knowledge of scripting and automation tools (e.g., Python, PowerShell).

- Familiarity with network security, endpoint security, and threat intelligence.

- Experience using major commercial cloud environments such as AWS/Azure/GCP, and knowledge of cloud security and infrastructure such as Infrastructure as Code (IaC), containers (Docker), and orchestration (Kubernetes).

- Experience handling escalated cases from a Security Operations Center (SOC).

- Incident Response (IR) experience.

- Ability to communicate in Japanese.

#engineer
#securityengineer
#technologymanagementdiv  
