Posted: 2025/12/05
Rakuten Group, Inc.
Rakuten Group, Inc.: 1029690 Mid-Level Security Engineer (SIEM & Incident Response) – Rakuten-CERT Section, Cyber Security Defense Department (CSDD)
Not disclosed
Tokyo
Company name
Rakuten Group, Inc.
Company overview
Believing in the future, creating a better tomorrow.
Empowering people and society through innovation. Holding that aspiration close, we deliver joy and enjoyment to people around the world.
Rakuten operates more than 70 services, spanning e-commerce, FinTech, digital content, and telecommunications, and is used by over 1 billion users worldwide.
These diverse services are organically linked around a membership model centered on Rakuten members, forming the unique "Rakuten Ecosystem." Promoting diversity is one of Rakuten's top corporate strategic priorities. Employees come from more than 70 countries and regions. Talented people with unique and diverse cultural backgrounds and perspectives gather from around the world and are a driving force for innovation. The in-house cafeteria offers vegetarian and halal menus, and there is also a prayer room.
Rakuten also actively supports balancing work and childcare and promotes the employment and advancement of people with disabilities. It is also strengthening information sharing and support systems for LGBT (※1) employees and allies (※2). Everyone can work as themselves and make the most of their abilities. That is diversity at Rakuten.
Rakuten offers more than 70 services, has service bases in 30 countries worldwide, and its employees come from more than 100 countries and regions; the open position system, which lets employees pursue diverse career paths, is another attraction.
A flextime system is available, and remote work can be used depending on circumstances. The head office has facilities that support employees, including a daycare center, a fitness gym, and a cafeteria where three meals a day are free.
Position
1029690 Mid-Level Security Engineer (SIEM & Incident Response) – Rakuten-CERT Section, Cyber Security Defense Department (CSDD)
Job description
Security Incident and Event Management (SIEM)
- Utilize SIEM tools to manage events, alerts, and logs related to security incidents, ensuring effective monitoring and analysis.
- Perform regular reviews and updates of SIEM rules and threat intelligence to ensure the latest threats are included in detection.
- Continuously test and tune detection rules and methods to improve detection accuracy and reduce false positives/negatives.
- Develop, implement, and maintain custom signatures, rules, and policies for intrusion and anomaly detection, utilizing network, endpoint, and application data sources.
Incident Response (IR) & Playbook Management
- Establish and maintain incident response plans, playbooks, and procedures, ensuring they are current, effective, and align with industry best practices.
- Respond to security incidents, including leading response activities and coordinating with cross-functional internal teams and third-party partners when necessary.
- Assist in information and intelligence sharing with internal and external stakeholders during incident response.
- Conduct real-time analysis of malware campaigns, threat actors, and known attack vectors to detect and report potential threats.
- Deliver detailed technical reports of findings to management with recommended action plans and countermeasures as appropriate.
Threat Detection & Use Case Development
- Create, refine, and prioritize detection use-cases and threat scenarios to enhance our ability to identify and mitigate emerging threats.
- Understand key threat actors and their tools, tactics, techniques, and procedures (TTPs) to ensure that testing scenarios simulate real-world attacks.
- Analyze system and network data to identify potential indicators of compromise (IOCs).
- Continuously research and evaluate security trends, threats, and emerging technologies to provide proactive and agile responses.
Secure Development Life Cycle (SDLC) & Change Management
- Partner with development teams and project/product managers to build and deliver secure services, integrating security throughout the SDLC.
- Perform system requirements/system design reviews on systems to identify and address potential security vulnerabilities.
- Evaluate and integrate security software solutions, ensuring they align with our security posture and architectural standards.
- Join projects and create security-related guidelines, policies, and regulations.
General Cybersecurity Expertise
- Maintain situational awareness of the global threat landscape as well as overall industry trends and advancements.
- Stay up-to-date with the latest security technologies and trends and identify opportunities to improve security architectures and processes.
- Familiarity with regulatory frameworks such as NIST, CIS, and ISO standards.
- Proficient in one or more scripting languages (e.g., Python, Ruby) for automating security tasks and analysis.
- Proven knowledge of network and web application protocols and their security issues.
Required experience and skills
Mandatory Qualifications:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.
- Approximately 5+ years of experience in a security engineering role, with additional related experience in incident response, cyber threat intelligence, and security operations center (SOC) work.
- Strong experience with SIEM tools, forensics, and malware analysis.
- Knowledge of cyber threats and attack vectors, malware delivery, and command and control (C2) mechanisms.
- Strong understanding of security frameworks such as NIST, CIS, and ISO 27001.
- Ability to work under pressure and multitask in a fast-paced environment.
- Excellent verbal and written communication skills; ability to convey complex technical information to non-technical stakeholders.
- Strong teamwork capabilities in a diverse team environment.
Desired Qualifications:
- Experience with Purple Team testing methodologies, including automated testing tools and techniques.
- Experience with at least one major commercial cloud environment.
- Strong ownership and sense of responsibility.
- Understanding of the MITRE ATT&CK Framework.
- Proven experience in handling various cyber threats including ransomware, APTs, social engineering, and DDoS attacks.
- Related professional certifications such as CISSP, GCIA, GCIH, GPEN, CEH, Security+, GIAC, OSCP/OSCE, or SSCP.
- Japanese language communication skills.