Rakuten
Product Security Engineer, Cloud & DevSecOps - Cyber Security Defense Department (CSDD)
Company
Role
Product Security Engineer, Cloud & DevSecOps - Cyber Security Defense Department (CSDD)
Location
Japan
Job type
Full time
Posted
6 hours ago
Salary
Job description
Job Description:
Business Overview
The Technology Management Division (TMD) provides corporate IT, cyber security, and privacy governance to Rakuten Group companies and essential business management for technology organizations, thereby enabling innovation and strengthening its technology foundation. Within TMD, the Information Security Supervisory Department (ISSD) combines proactive cyber defense with strategic information security, privacy, and data governance to protect the company’s global assets and data.
Department Overview
The Cyber Security Defense Department (CSDD) is responsible for safeguarding all Rakuten companies and users from cyber threats, ensuring the security and integrity of Rakuten Group's global internet services. We oversee all aspects of both Secure Development and Security Operations for services developed within the group, with dedicated security teams and operation centers strategically located in key regions worldwide.
Position:
Why We Hire
Team expansion due to the increased demand for the work and the scope expansion.
Position Details
As a member of the Cyber Security Defense Department (CSDD), you will be responsible for leading and executing security operations for Rakuten products that support the Rakuten Ecosystem. In this role, you will work closely with product development teams as well as internal and external stakeholders to ensure the implementation and operation of necessary security controls based on best practices. By providing comprehensive security support across all phases of the software development lifecycle (SDLC), from initial design through ongoing operations, you will play a critical role in strengthening the security posture of our products and enabling business success.
Responsibilities
- Lead and execute product security operations for Rakuten products, including secure development consultation, DevSecOps integration, and vulnerability management
- Lead the optimization and operation of security posture management across Rakuten’s cloud infrastructure
- Work closely with product development teams to integrate security controls throughout the product lifecycle
- Collaborate with internal and external stakeholders to ensure security requirements are met and maintained
- Provide end-to-end security support across all phases of the SDLC, from initial design through ongoing operations
- Support product teams by providing expert security guidance and practical solutions
- Continuously gather and apply threat intelligence to help products address emerging threats and vulnerabilities
Mandatory Qualifications:
- Bachelor's degree in computer science, information security, or a related field
- 3+ years of hands-on experience in application vulnerability assessment and network penetration testing, or equivalent practical knowledge
- Experience in using, administering, and automating cloud security and vulnerability management infrastructure
- Experience in programming with one or more languages, such as Java, PHP, Python, and JavaScript
- Familiarity with vulnerability management and incident response processes
- Familiarity with DevSecOps best practices and SDLC
- Strong teamwork skills and the ability to communicate with stakeholders in a diverse environment
- Strong sense of ownership and problem-solving skills
Desired Qualifications:
- Master's degree in computer science, information security, or a related field
- Experience in using and administering enterprise security testing solutions such as SAST, DAST, and SCA
- Experience in using and administering cloud infrastructure security solution such as CSPM, CWPP and CIEM
- Experience in team development with DevOps and CI/CD tools such as GitHub Actions, Jenkins, and Terraform
- Familiarity with cloud-native technologies, such as containers, Kubernetes, and microservices
- Relevant certifications such as OSCP, OSWE, GPEN, and GCSA
- Proficiency in business-level Japanese and English
#engineer #securityengineer #technologymanagementdiv
Languages:
English (Overall - 3 - Advanced)