Security Architect, Product Security Section - Cyber Security Defense Department (CSDD)

Department Overview 

In Rakuten, security and safety of the Internet services of our group are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group. 

Our mission is to empower all product and platform development teams to understand and improve their security level by forming a community to deliver security trend information, delivering demanded and state-of-the-art security solutions and professional-grade security consulting services. 

Position: 

Why We Hire 

We are expanding the team to meet additional demand for our work. 

We are looking for a security architect: 

- to review or create system designs, guidelines and standards 

- who can also be the owner of our vulnerability management processes and technologies 

- with strong communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders 

- with management aspirations as a plus, to ensure we have leaders in our future to effectively guide us 

Position Details 

Security Design Review 

- Perform system requirements and design review on systems inside the Rakuten ecosystem. 

- Collaborate with developers, system/network administrators, and other stakeholders to ensure secure design, development, and implementation of applications and networks. 

- Create and/or update security-related guidelines, technical security standards, security policies, and regulations for Rakuten group. 

Security Vulnerability Process and Technology Ownership 

- Lead the strategy, design, and enhancement of our vulnerability management including its process and technology. 

- Establish security policies, standards, and guidelines to ensure consistent security practices across the organization. 

- Collaborate with stakeholders to ensure security policies are integrated into business processes. 

Security Education, Consulting, and Leadership  

- Take part in the security training and awareness activities by cultivating a sense of security awareness, and arranging for continuous education. 

- Inspire innovation and deliver quality at speed across the platform and execute these to success through diligent planning, attention to detail, effective delegation, efficient decision making, and individual/team accountability. 

- Provide guidance and mentorship to other security architects and other team members. 

- Communicate with potential (internal) customers to understand their cybersecurity needs and challenges. 

- Scope and assess customer requirements to provide tailored security solutions. 

- Develop and present proposals based on the customer's needs and cybersecurity challenges. 

- Handle consulting engagements, providing expert advice and solutions to internal customers. 

Work Environment 

We are a small and diverse team of security architects with expertise in different domains.  Our team highly values relationships, teamwork, celebrating individuality, discovery, innovation, sharing knowledge, adaptability, mutual trust, and high-quality work.  We value working well both independently and with others. 

Mandatory Qualifications: 

- 5+ years of professional experience in cyber security. 

- Understanding of the core concepts of network, web/mobile application, network/web application protocols, and related security issues. 

- Understanding of security architecture frameworks, threat modeling, security patterns, and security best practices in SDLC. 

- Excellent consultation, problem-solving, communication, and interpersonal skills to help build trust and consensus. 

- Strong teamwork capability in a diverse team environment. 

Desired Qualifications: 

- Past work as a consultant at a highly technical information security consultancy is a plus. 

- Certifications such as CEH 

- Advanced IT security certifications (with good standing) e.g., CISA, CISSP may be advantageous. 

- Experience overseeing remediation of vulnerabilities, defining security requirements, and a proven track record of working with infrastructure and development teams to build secure solutions. 

- Experience in Web/Mobile application development and major web frameworks. 

- Experience in Web/Mobile Penetration Testing and/or Vulnerability Assessment. 

- Experience with major commercial cloud environments and/or working with container technologies. 

- Experience in working with SIEM and/or participated in Incident Response projects. 

- Incident response experience, including handling and managing security incidents. 

-Japanese language ability as a bonus 

#engineer #securityengineer #technologymanagementdiv #securityengineer