Tokyo Rakuten

Job Description
Business Overview
The Technology Management Division (TMD) provides Corporate IT, and Cyber Security & Privacy Governance to Rakuten Group companies and essential business management for technology organizations, thereby enabling innovation and strengthening the technology foundation. Within TMD, the Technology Management Services Supervisory Department (TMSSD) plays a vital role in CIO Governance, IT financial management, IT procurement, Quality Management System (QMS), technology-related public relations, and human resources strategy. By promoting efficiency, quality, risk management, and organizational strength, we ensure that Tech Divisions remain agile and at the forefront of technological advancement.

Department Overview
The Cyber Security Defense Department (CSDD) is responsible for safeguarding all Rakuten companies and users from cyber threats, ensuring the security and integrity of Rakuten Group's global internet services. We oversee all aspects of both Secure Development and Security Operations for services developed within the group, with dedicated security teams and operation centers strategically located in key regions worldwide.

Position
Why We Hire
We are seeking a highly motivated and experienced Mid-Level Security Engineer to join our corporate IT security monitoring team. This role is crucial in safeguarding our digital assets by focusing on robust Security Incident and Event Management (SIEM) practices, proactive incident response, and continuous threat detection enhancement. The ideal candidate will possess a strong technical background in cybersecurity, with a particular emphasis on SIEM tool utilization, incident response plan development and execution, and the ability to craft sophisticated detection use cases. Experience with the Secure Development Life Cycle (SDLC) and change management processes is also essential. You will play a key role in analyzing threats, responding to incidents, and collaborating with cross-functional teams to maintain a secure environment.

Position Details
Security Incident and Event Management (SIEM)

  • Utilize SIEM tools to manage events, alerts, and logs related to security incidents, ensuring effective monitoring and analysis.
  • Perform regular reviews and updates of SIEM rules and threat intelligence to ensure the latest threats are included in detection.
  • Continuously test and tune detection rules and methods to improve detection accuracy and reduce false positives/negatives.
  • Develop, implement, and maintain custom signatures, rules, and policies for intrusion and anomaly detection, utilizing network, endpoint, and application data sources.

Incident Response (IR) & Playbook Management

  • Establish and maintain incident response plans, playbooks, and procedures, ensuring they are current, effective, and align with industry best practices.
  • Respond to security incidents, including leading response activities and coordinating with cross-functional internal teams and third-party partners when necessary.
  • Assist in information and intelligence sharing with internal and external stakeholders during incident response.
  • Conduct real-time analysis of malware campaigns, threat actors, and known attack vectors to detect and report potential threats.
  • Deliver detailed technical reports of findings to management with recommended action plans and countermeasures as appropriate.

Threat Detection & Use Case Development

  • Create, refine, and prioritize detection use-cases and threat scenarios to enhance our ability to identify and mitigate emerging threats.
  • Understand key threat actors and their tools, tactics, techniques, and procedures (TTPs) to ensure that testing scenarios simulate real-world attacks.
  • Analyze system and network data to identify potential indicators of compromise (IOCs).
  • Continuously research and evaluate security trends, threats, and emerging technologies to provide proactive and agile responses.

Secure Development Life Cycle (SDLC) & Change Management

  • Partner with development teams and project/product managers to build and deliver secure services, integrating security throughout the SDLC.
  • Perform system requirements and system design reviews to identify and address potential security vulnerabilities.
  • Evaluate and integrate security software solutions, ensuring they align with our security posture and architectural standards.
  • Join projects and create security-related guidelines, policies, and regulations.

General Cybersecurity Expertise

  • Maintain situational awareness of the global threat landscape as well as overall industry trends and advancements.
  • Stay up-to-date with the latest security technologies and trends and identify opportunities to improve security architectures and processes.
  • Familiarity with regulatory frameworks such as NIST, CIS, and ISO standards.
  • Proficient in one or more scripting languages (e.g., Python, Ruby) for automating security tasks and analysis.
  • Proven knowledge in network and web application protocols and security issues.

Mandatory Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field.
  • Approximately 5+ years of experience in a security engineering role, with additional experience related to incident response, cyber threat intelligence, and security operations centers (SOC).
  • Strong experience with SIEM tools, forensics, and malware analysis.
  • Knowledge of cyber threats and attack vectors, malware delivery, and command and control (C2) mechanisms.
  • Strong understanding of security frameworks such as NIST, CIS, and ISO 27001.
  • Ability to work under pressure and multitask in a fast-paced environment.
  • Excellent verbal and written communication skills; ability to convey complex technical information to non-technical stakeholders.
  • Strong teamwork capabilities in a diverse team environment.

Desired Qualifications

  • Experience with Purple Team testing methodologies, including automated testing tools and techniques.
  • Experience with at least one major commercial cloud environment.
  • Strong ownership and sense of responsibility.
  • Understanding of the MITRE ATT&CK Framework.
  • Proven experience in handling various cyber threats including ransomware, APTs, social engineering, and DDoS attacks.
  • Related professional certifications such as CISSP, GCIA, GCIH, GPEN, CEH, Security+, GIAC, OSCP/OSCE, or SSCP.
  • Japanese language communication skills.
