Product Security Engineer, Platform Security Group (CSDD)

Job Description:

Department Overview

In Rakuten, security and safety of the Internet services of our group are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Our mission is to empower all product and platform development teams to understand and improve their security level by forming a community to deliver security trend information, delivering demanded and state-of-the-art security solutions and professional-grade security consulting services.

Position:

Why We Hire

Team expansion due to the increased demand for the work and the scope expansion.

Position Details

As a member of the Cyber Security Defense Department (CSDD), you will be responsible for leading and executing product security operations for Rakuten's core products that form the backbone of the Rakuten Ecosystem. This role requires close collaboration with product development teams and both internal and external stakeholders to ensure the implementation and operation of essential security controls within our products. By offering comprehensive security support throughout all phases of the Software Development Life Cycle (SDLC), from design to operation, you will play a crucial role in enhancing the security posture of our products and driving business success.

Responsibilities:

- Lead and perform product security operations, including architecture design, integration, testing, and vulnerability management for Rakuten's core products.

- Lead streamlining and operating security monitoring process for Rakuten's private cloud infrastructure platform.

- Collaborate closely with product development teams to integrate security controls into the product lifecycle.

- Engage with internal and external stakeholders to ensure security requirements are met and maintained.

Provide end-to-end security support across all SDLC phases, from initial design through to operational deployment.

- Empower product teams by delivering expert security guidance and solutions.

- Continuously monitor and improve security measures to protect against emerging threats and vulnerabilities.

Work Environment

We are a small and diverse team with expertise in different domains. Our team highly values relationships, teamwork, celebrating individuality, discovery, innovation, sharing knowledge, adaptability, mutual trust, and high-quality work. We value working well both independently and with others.

Mandatory Qualifications:

- Bachelor's degree in computer science, information security, or a related field.

- 3+ years of experience in application vulnerability assessment and network penetration testing.

- Experience in using, administering, and automating network security testing infrastructure.

- Experience in programming with one or more languages, such as Java, PHP, Python, and JavaScript.

- Familiarity with security monitoring and incident response processes.

- Strong teamwork skills and the ability to communicate with stakeholders in a diverse environment.

- Strong sense of ownership and problem-solving skills.

Desired Qualifications:

- Master's degree in computer science, information security, or a related field.

- Experience in using and administering enterprise security testing solutions.

- Experience in using and administering public cloud infrastructure platforms including AWS, Azure, and Google Cloud.

- Familiarity with security monitoring technologies, such as IDS/IPS, EDR, SIEM, and SOAR.

- Familiarity with cloud-native technologies, such as containers, IaC, and microservices.

- Relevant certifications such as OSCP, OSWE, GPEN, and GXPN.

- Proficiency in business-level Japanese and English.

#engineer #securityengineer #technologymanagementdiv #securityengineer