The Cyber Security Defense Department is responsible for all aspects of cybersecurity and secure development. Our functions include security training, security champions, security monitoring, incident response, digital forensics, penetration testing, red teaming, scanner integration, and more. We work with a variety of technologies, including major Cloud Service Providers (CSPs) such as Azure and GCP, SIEM and SOAR platforms, and collaboration tools such as Slack and Teams.
Position: Alert Tuning and In-Depth Analysis for Security Products:
- Analyzing alerts from security products (IDS, EDR, Firewall, SASE) and tuning detection thresholds and rules to reduce false positives.
- Identifying signs of attacks and security incidents in these alerts, and performing detailed root cause analysis and impact assessment.
- Creating and improving detection rules to address new attack techniques.
Position: Security Product Alert Analysis and Incident Response on Windows and Linux Hosts:
- Analyzing security product alerts to identify security incidents.
- Performing initial incident response, impact assessment, containment, and remediation efforts when incidents occur.
- Developing and implementing measures to prevent recurrence after incident response.
Position: SIEM Use Case Development:
- Developing SIEM (Security Information and Event Management) Use Cases (detection rules) that correlate and analyze collected security logs.
- Improving Use Cases to address new threats and attack techniques.
- Analyzing SIEM operational status to identify and implement improvements.
- Collaborating with service personnel and related departments to integrate new logs into the SIEM.
Mandatory Qualifications:
- Minimum of 3 years of experience in cybersecurity-related fields, particularly in alert triage, incident response, and threat detection.
- Knowledge of TCP/IP networking.
- Experience with SIEM and security products (IDS/IPS, EDR, Firewall, WAF, SASE, etc.).
- Experience using scripting languages (e.g., Python, Bash).
- Strong leadership and teamwork skills in a diverse team environment with members from different backgrounds.
- Excellent verbal and written communication skills.
- Strong sense of ownership of and responsibility for one's work.
Desired Qualifications:
- Knowledge of Linux/Windows OS security.
- Experience in managing and configuring security products.
- Experience in developing SIEM Use Cases.
- Deep understanding of the MITRE ATT&CK Framework.
- Experience in designing and building log collection and analysis systems.
- Knowledge of cloud environment (e.g., AWS, Azure, GCP) security and experience using cloud services.
- Japanese language communication skills.
- Security-related certifications (e.g., CompTIA Security+, CEH, CISSP).
Other Information: English language requirement:
Since Rakuten employs individuals with diverse nationalities and backgrounds, communication in English is essential.