At Rakuten Group, the security and safety of Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of System Development Life Cycle (SDLC) and operational security for all services developed inside Rakuten Group.
As a member of the CSDD Security Audit Group, you will execute offensive security activities and penetration tests against a wide variety of systems, and you will take on various projects in different aspects of security while working with peer engineers. Expected tasks include, but are not limited to, finding security vulnerabilities, writing scripts to automate security tasks, enhancing the network security of Rakuten infrastructure, and providing remediation suggestions. You will develop novel attack techniques against new and existing products and deliver high-quality risk reporting outputs for stakeholders across Rakuten Group companies.
【Key responsibilities】
• Plan, execute, and control the quality of security testing and adversary emulation engagements
• Develop attack vectors, conduct reconnaissance, collect open-source intelligence, enumerate target networks and services, develop and execute exploits, and deliver payloads to demonstrate mission impact
• Demonstrate the risk, document findings, and provide remediation recommendations and mitigation strategies
• Develop and present accurate and comprehensive reports for both non-technical and technical audiences, including leadership
• Contribute to the development of automated tools and procedures to maximize efficiency in Red Team services
• Stay informed of new and emerging adversary TTPs, and evaluate their impact on Rakuten Group
• Support Vulnerability Assessment of Rakuten products (by both manual testing and DAST)
• Evaluate and integrate security software solutions
• Perform technical analysis and testing, or demonstrate security threats in simple PoCs
• Support development teams as a technical consultant
• Work alongside other engineers and stakeholders to deliver global projects and initiatives
【Mandatory qualifications】
• Minimum 4 years of experience in IT/Information Security related fields
• 2+ years of experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment
• Understanding of the core concepts of web/mobile applications and their security issues
• Proficiency in one or more scripting languages, e.g., Python, Ruby
• Proven knowledge of network and web application protocols
• Familiarity with and knowledge of Active Directory concepts
• Strong teamwork capability in a diverse team environment
• Ability to work in a highly diverse environment
【Desired qualifications】
• Experience in Web/Mobile application development
• Experience in using major web frameworks
• Experience with red teaming and common TTPs (Tactics, Techniques and Procedures)
• Experience with at least one major commercial cloud environment
• Experience in a diverse workplace, and the ability to work well in a team environment
• Any security-related certification, e.g., OSCP/OSCE, CISSP
• Strong verbal and written communication skills
• Strong ownership and sense of responsibility