Job Description

Business Overview

The Technology Management Division (TMD) provides corporate IT, cyber security, and privacy governance to Rakuten Group companies and essential business management for technology organizations, thereby enabling innovation and strengthening its technology foundation. Within TMD, the Information Security Supervisory Department (ISSD) combines proactive cyber defense with strategic information security, privacy, and data governance to protect the company’s global assets and data.

Department Overview

The Cyber Security Defense Department (CSDD) is responsible for safeguarding all Rakuten companies and users from cyber threats, ensuring the security and integrity of Rakuten Group's global internet services. We oversee all aspects of both Secure Development and Security Operations for services developed within the group, with dedicated security teams and operation centers strategically located in key regions worldwide.

Position:

Why We Hire

Team expansion due to the increased demand for the work and the scope expansion.

Position Details

As a member of the Cyber Security Defense Department (CSDD), you willbe responsible forleading and executing security operations for Rakuten products that support the Rakuten Ecosystem. In this role, you will work closely with product development teams as well as internal and external stakeholders to ensure the implementation and operation of necessary security controls based on best practices. By providing comprehensive security support across all phases of the software development lifecycle (SDLC), frominitialdesign through ongoing operations, you will play a critical role in strengthening the security posture of our products and enabling business success.

Responsibilities

- Lead and execute product security operations for Rakuten products, including secure development consultation,DevSecOpsintegration, and vulnerability management

- Lead the optimization and operation of security posture management across Rakuten’s cloud infrastructure

- Work closely with product development teams tointegrate security controls throughout the product lifecycle

- Collaborate with internal and external stakeholders to ensure security requirements are met andmaintained

- Provide end-to-end security support across all phases of the SDLC, frominitialdesign through ongoing operations

- Support product teams by providing expert security guidance and practical solutions

- Continuously gather and apply threat intelligence to help products address emerging threats and vulnerabilities

Mandatory Qualifications:

-Bachelor's degree in computer science, information security, or a related field

-3+ years of hands-on experience in application vulnerability assessment and network penetration testing, or equivalent practical knowledge

-Experience in using, administering, and automating cloud security and vulnerability management infrastructure

-Experience in programming with one or more languages, such as Java, PHP, Python, and JavaScript

-Familiarity with vulnerability management and incident response processes

-Familiarity withDevSecOpsbest practices and SDLC

-Strong teamwork skills and the ability to communicate with stakeholders in a diverse environment

-Strong senseof ownership and problem-solving skills

Desired Qualifications:

-Master's degree in computer science, information security, or a related field

-Experience in using and administering enterprise security testing solutions such as SAST, DAST, and SCA

-Experience in using and administering cloud infrastructuresecurity solution such as CSPM, CWPP and CIEM

-Experience in team development with DevOps and CI/CD tools such as GitHub Actions, Jenkins, and Terraform

-Familiarity with cloud-native technologies, such as containers, Kubernetes, and microservices

-Relevant certifications such as OSCP, OSWE, GPEN, and GCSA

-Proficiencyin business-level Japanese and English

#engineer #securityengineer #technologymanagementdiv

Languages:

English (Overall - 3 - Advanced)