Job Description
Business Overview
The Technology Management Division (TMD) provides Corporate IT, and Cyber Security & Privacy Governance to Rakuten Group companies and essential business management for technology organizations, thereby enabling innovation and strengthening the technology foundation. Within TMD, the Technology Management Services Supervisory Department (TMSSD) plays a vital role in CIO Governance, IT financial management, IT procurement, Quality Management System (QMS), technology-related public relations, and human resources strategy. By promoting efficiency, quality, risk management, and organizational strength, we ensure that Tech Divisions remain agile and at the forefront of technological advancement.

Department Overview
The Cyber Security Defense Department (CSDD) is responsible for safeguarding all Rakuten companies and users from cyber threats, ensuring the security and integrity of Rakuten Group's global internet services. We oversee all aspects of both Secure Development and Security Operations for services developed within the group, with dedicated security teams and operation centers strategically located in key regions worldwide.

Position
Position Details

• Lead and coordinate the response to cybersecurity incidents, including detection, containment, eradication, and recovery, while ensuring clear communication and collaboration across teams.
• Analyze logs from various sources (e.g., firewalls, SIEM, IDS/IPS, endpoint detection tools) to identify threats, investigate anomalies, and determine the scope and impact of incidents.
• Perform digital forensic investigations on compromised systems, including memory dumps, disk images, and network traffic, while preserving evidence in accordance with legal and organizational requirements.
• Use tools to quickly analyze malicious files, scripts, and executables to identify indicators of compromise (IOCs) and take necessary actions for containment, blocking, and mitigation.
• Prepare detailed incident reports, including root cause analysis, impact assessments, and recommendations for improvement, and communicate findings to stakeholders, including technical teams and management.
• Proactively identify and recommend improvements to security controls, processes, and tools to reduce the likelihood of future incidents, and conduct threat hunting activities to mitigate risks.
• Provide guidance and training to internal teams on incident response best practices and stay up-to-date with the latest cybersecurity trends, tools, and techniques.

Mandatory Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
• 3+ years of experience in cybersecurity, with a focus on incident response, digital forensics, or threat detection.
• Strong knowledge of security tools and technologies, such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability scanners.
• Proficiency in log analysis and familiarity with log formats (e.g., syslog, Windows Event Logs).
• Hands-on experience with Incident Response (IR) processes and methodologies.
• Familiarity with scripting and automation (e.g., Python, PowerShell, Bash) to streamline incident response processes.
• Strong sense of ownership and responsibility.
• Excellent problem-solving, analytical, and communication skills.
• Ability to work under pressure and handle multiple incidents simultaneously.

Desired Qualifications

• Relevant certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), or Certified Ethical Hacker (CEH).
• Experience handling escalated cases from a Security Operations Center (SOC).
• Hands-on experience with forensic tools (e.g., EnCase, FTK, Volatility) and malware analysis tools (e.g., Cuckoo Sandbox, VirusTotal).
• Experience with cloud security and incident response in cloud environments (e.g., AWS, Azure, Google Cloud).
• Knowledge of MITRE ATT&CK framework and its application in threat detection and response.
• Ability to communicate in Japanese.

engineer

technologymanagementdiv

securityengineer