Mid-Level Security Engineer (SIEM & Incident Response) - Rakuten-CERT Section, Cyber Security Defense Department (CSDD)

Salary not provided

Rakuten

Job Description

Department Overview

In Rakuten Group, the security and safety of the internet services are guaranteed by the Cyber Security Defense Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.

Position: Why We Hire

We are seeking a highly motivated and experienced Mid-Level Security Engineer to join our corporate IT security monitoring team. This role is crucial in safeguarding our digital assets by focusing on robust Security Incident and Event Management (SIEM) practices, proactive incident response, and continuous threat detection enhancement. The ideal candidate will possess a strong technical background in cybersecurity, with a particular emphasis on SIEM tool utilization, incident response plan development and execution, and the ability to craft sophisticated detection use cases. Experience with the Secure Development Life Cycle (SDLC) and change management processes is also essential. You will play a key role in analyzing threats, responding to incidents, and collaborating with cross-functional teams to maintain a secure environment.

Position Details

Security Incident and Event Management (SIEM)
- Utilize SIEM tools to manage events, alerts, and logs related to security incidents, ensuring effective monitoring and analysis.
- Perform regular reviews and updates of SIEM rules and threat intelligence to ensure the latest threats are included in detection.
- Continuously test and tune detection rules and methods to improve detection accuracy and reduce false positives and false negatives.
- Develop, implement, and maintain custom signatures, rules, and policies for intrusion and anomaly detection, utilizing network, endpoint, and application data sources.

Incident Response (IR) & Playbook Management
- Establish and maintain incident response plans, playbooks, and procedures, ensuring they are current, effective, and aligned with industry best practices.
- Respond to security incidents, including leading response activities and coordinating with cross-functional internal teams and third-party partners when necessary.
- Assist in information and intelligence sharing with internal and external stakeholders during incident response.
- Conduct real-time analysis of malware campaigns, threat actors, and known attack vectors to detect and report potential threats.
- Deliver detailed technical reports of findings to management with recommended action plans and countermeasures as appropriate.

Threat Detection & Use Case Development
- Create, refine, and prioritize detection use cases and threat scenarios to enhance our ability to identify and mitigate emerging threats.
- Understand key threat actors and their tools, tactics, techniques, and procedures (TTPs) to ensure that testing scenarios simulate real-world attacks.
- Analyze system and network data to identify potential indicators of compromise (IOCs).
- Continuously research and evaluate security trends, threats, and emerging technologies to provide proactive and agile responses.

Secure Development Life Cycle (SDLC) & Change Management
- Partner with development teams and project/product managers to build and deliver secure services, integrating security throughout the SDLC.
- Perform system requirements and system design reviews to identify and address potential security vulnerabilities.
- Evaluate and integrate security software solutions, ensuring they align with our security posture and architectural standards.
- Join projects and create security-related guidelines, policies, and regulations.

General Cybersecurity Expertise
- Maintain situational awareness of the global threat landscape as well as overall industry trends and advancements.
- Stay up to date with the latest security technologies and trends, and identify opportunities to improve security architectures and processes.
- Familiarity with regulatory frameworks such as NIST, CIS, and ISO standards.
- Proficiency in one or more scripting languages (e.g., Python, Ruby) for automating security tasks and analysis.
- Proven knowledge of network and web application protocols and their security issues.

Mandatory Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field.
- Approximately 5+ years of experience in a security engineering role, with additional experience in incident response, cyber threat intelligence, or security operations center (SOC) work.
- Strong experience with SIEM tools, forensics, and malware analysis.
- Knowledge of cyber threats and attack vectors, malware delivery, and command and control (C2) mechanisms.
- Strong understanding of security frameworks such as NIST, CIS, and ISO 27001.
- Ability to work under pressure and multitask in a fast-paced environment.
- Excellent verbal and written communication skills; ability to convey complex technical information to non-technical stakeholders.
- Strong teamwork capabilities in a diverse team environment.

Desired Qualifications:
- Experience with Purple Team testing methodologies, including automated testing tools and techniques.
- Experience with at least one major commercial cloud environment.
- Strong ownership and sense of responsibility.
- Understanding of the MITRE ATT&CK Framework.
- Proven experience in handling various cyber threats, including ransomware, APTs, social engineering, and DDoS attacks.
- Related professional certifications such as CISSP, GCIA, GCIH, GPEN, CEH, Security+, GIAC, OSCP/OSCE, or SSCP.
- Japanese language communication skills.

#engineer #securityengineer #technologymanagementdiv

In Japanese, Rakuten stands for "optimism." It means we believe in the future. It's an understanding that, with the right mind-set, we can make the future better by what we do today. So we challenge ourselves to evolve, innovate and experiment, to create a better, brighter future for everyone.
Today, our 70+ businesses span e-commerce, digital content, communications and fintech, bringing the joy of discovery to almost 1.3 billion members across the world.

Rakuten Group, Inc.: rakuten-recruiting-info@mail.rakuten.com

Please read the Application Requirements (EN) / 募集要項 (JP) before applying.

Our Diversity & Inclusion Policy and Application Documents

Rakuten's corporate mission is to "contribute to society by creating value through innovation and entrepreneurship." We foster a culture that provides equal opportunities to those who share this founding philosophy and take on the challenge to transform society, regardless of age, gender, nationality, or any other status. Diversity is one of Rakuten's core strategies and a driving force for innovation. Because of this, you are not required to submit any of the following information in order to apply for our job positions.
- Gender
- Age
- Photo
- Nationality
- Information not related to business, such as ideological beliefs, family structure, etc.

* For legal compliance, we may ask you about your work eligibility.