In Rakuten Group, the security and safety of the Internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.
As a member of CSDD Security Audit Group, you will execute offensive security activities and penetration tests against the wide variety of systems and will be challenged to various projects in different aspect of security while working with other peer engineers. Expected tasks ranging from but not limited to finding security vulnerabilities, writing scripts to automate security tasks, enhance the network security of Rakuten infrastructure, and provide remediation suggestions. You will develop novel attack techniques against new and existing products & deliver high-quality risk reporting outputs for stakeholders across Rakuten group companies.
【Key responsibilities】
•Planning, execution, and quality control of security testing and adversary emulation engagements
•Develop attack vectors, conduct reconnaissance, collect open-source intelligence, enumerate target networks and services, develop and execute exploits, and deliver payloads to demonstrate mission impact
•Demonstrate the risk, document findings, and provide remediation recommendations and mitigation strategies
•Develop and present accurate and comprehensive reports for both non-technical and technical audiences including leadership
•Contribute to the development of automated tools and procedures to maximize efficiency in Red Team services
•Stay informed of new and emerging adversary TTPs, and evaluate their impact on Rakuten Group.
•Support Vulnerability Assessment of Rakuten products (by both manual test & DAST)
•Evaluate and integrate security software solutions
•Perform technical analysis, testing, or demonstrate the security threats in simple POCs
•Support development teams as a technical consultant
•Working alongside other engineers and stakeholders to deliver global projects and initiatives
•Minimum 4 years of experience in IT/Information Security related fields
•2+ years of experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment
•Understanding of the core concepts of web/mobile application and security issues
•Proficient in one or more scripting languages, ex: Python, Ruby
•Proven knowledge of network and web application protocols
•Familiarity and knowledge of Active Directory concepts
•Strong teamwork capability in a diverse team environment
•Ability to work in a highly diverse environment
•Experience in Web/Mobile application development
•Experience in using major web frameworks
•Experience with red teaming and common TTPs (Tactics, Techniques and Procedures)
•Experience with at least one major commercial cloud environment
•Experience in a diverse workplace, and work well in a team environment
•Holder of any security-related certifications, ex: OSCP/OSCE, CISSP
•Strong verbal and written communications skill
•Strong ownership and sense of responsibility
• 2022幸福企業-金獎 • 2021幸福企業-金獎 • 2020HR Asia Awards • 壽星最大,生日當月爽放生日假一天 • 到職第一年就享有8天特休假 (依到職比例計算,第2年起11天,當年度休不完還可以延到隔年底) • 自選式福利補助金每年一萬元,讓你彈性選擇使用樂天的服務 • 員工認股計畫,陪著樂天一起成長 • 完善的公司內、外教育訓練課程及海外受訓機會 • 參與跨國專案或國外研討會,培養國際化歷練 • 全球樂天賞機制,獲獎送你免費遊日本 • 年度員工健康檢查,您的健康是樂天最大的幸福 • 飲料/零食販賣機,再忙也會陪你喝杯咖啡 • 辦公室樂活舒壓按摩服務 • 全額補助團保,讓您無後顧之憂
