Security Engineer, Product Security Section - Cyber Security Defense Department (CSDD)

Job Description:

Department Overview

In Rakuten, security and safety of the Internet services of our group are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Our mission is to empower all product and platform development teams to understand and improve their security level by forming a community to deliver security trend information, delivering demanded and state-of-the-art security solutions and professional-grade security consulting services.

Position:

Why We Hire

We are expanding the team to meet additional demand for our work.

We are looking for a security engineer with the following attributes:

- Can effectively guide our development teams to remediate or reduce the risk of security vulnerabilities

- Can develop and maintain tools and scripts

- Has strong communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders

- Management aspirations as a plus, to ensure we have leaders in our future to effectively guide us

Position Details

Primary

- Manage vulnerabilities after assessments have been performed, until remediation or risk acceptance.

- Collaborate with development teams and other security teams to reduce the risk of identified vulnerabilities.

- Review and assess proposed remediation solutions from development teams to ensure they meet security standards.

- Develop and maintain security tools, scripts, automation frameworks, and reporting.
 

Security Education, Leadership, and Growth

- Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques.

- Inspire innovation and deliver quality at speed across the platform and execute these to success through diligent planning, attention to detail, effective delegation, efficient decision making, and individual/team accountability.

- Provide security training and guidance to development teams.

- Provide guidance and mentorship to other team members for your areas of expertise.

- Contribute to projects where your expertise is required.

- Document security processes, procedures, and guidelines.

- Perform some security requirement analysis or design reviews and provide recommendations.

Work Environment

We are a small and diverse team with expertise in different domains.  Our team highly values relationships, teamwork, celebrating individuality, discovery, innovation, sharing knowledge, adaptability, mutual trust, and high-quality work.  We value working well both independently and with others.

Mandatory Qualifications:

- 3+ years of experience in cyber security (with experience handling vulnerabilities)

- Strong understanding of common security vulnerabilities and mitigation techniques.

- Proficiency in at least one programming or scripting language (e.g., Python, Java, JavaScript).

- Experience with security tools and technologies (e.g., static and dynamic analysis tools, vulnerability scanners).

- Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).

Desired Qualifications:

- Degree in Computer Science, Information Security, or a related field.

- Relevant security certifications (e.g., CISSP, CEH, OSCP).

- Experience with DevSecOps practices and tools (e.g., CI/CD pipelines, container security).

- Knowledge of cloud security (e.g., AWS, Azure, Google Cloud).

- Experience with security design reviews and threat modeling.

- Familiarity with secure coding practices and code review processes.

- Japanese language ability is a bonus

#engineer #securityengineer #technologymanagementdiv #securityengineer