会社名

楽天グループ株式会社

会社概要

未来を信じ、より良い明日を創っていく。
イノベーションを通じて、人々と社会をエンパワーメントする。私たちは、そんな想いを大切に世界の人々に喜びと楽しさを届けます。
楽天は、E コマース、FinTech、デジタルコンテンツ、通信など、70 を超えるサービスを展開し、世界10 億以上のユーザーに利用されています。
これら様々なサービスを、楽天会員を中心としたメンバーシップを軸に有機的に結び付け、他にはない独自の「楽天エコシステム」を形成しています。ダイバーシティ推進は、楽天にとって最優先の企業戦略のひとつです。従業員の出身は70カ国・地域以上。世界中からユニークで多様な文化的背景や視点を持つ優秀な人材が集まり、イノベーションの原動力になっています。社内カフェテリアにはベジタリアン、ハラル対応のメニューを用意。礼拝所（Prayer room）もあります。
また、仕事と育児の両立支援や、障がい者雇用・活躍促進も積極的に推進。社内のLGBT（※1）当事者やアライ（※2）に対して、情報共有やサポート体制の強化も進めています。誰もが自分らしく力を最大限発揮して働ける。それが楽天のダイバーシティです。

70を超えるサービスを提供し、世界30カ国にサービス展開拠点を持ち、従業員の出身国・地域数は100を超え、オープンポジション制度を活用して多様なキャリアを描くことができる点も魅力です。
フレックスタイム制度、事情に応じたリモートワークの活用が可能です。本社には託児所やフィットネスジム、三食無料で利用可能なカフェテリアが併設されるなど、社員を支える環境が整備されています。

ポジション

1032931　Product Security Engineer, Cloud & DevSecOps - Cyber Security Defense Department (CSDD)

仕事内容

Job Description:
Business Overview
The Technology Management Division (TMD) provides corporate IT, cyber security, and privacy governance to Rakuten Group companies and essential business management for technology organizations, thereby enabling innovation and strengthening its technology foundation. Within TMD, the Information Security Supervisory Department (ISSD) combines proactive cyber defense with strategic information security, privacy, and data governance to protect the company’s global assets and data.


Department Overview
The Cyber Security Defense Department (CSDD) is responsible for safeguarding all Rakuten companies and users from cyber threats, ensuring the security and integrity of Rakuten Group's global internet services. We oversee all aspects of both Secure Development and Security Operations for services developed within the group, with dedicated security teams and operation centers strategically located in key regions worldwide.


Position:
Why We Hire
Team expansion due to the increased demand for the work and the scope expansion. 


Position Details
As a member of the Cyber Security Defense Department (CSDD), you will be responsible for leading and executing security operations for Rakuten products that support the Rakuten Ecosystem. In this role, you will work closely with product development teams as well as internal and external stakeholders to ensure the implementation and operation of necessary security controls based on best practices. By providing comprehensive security support across all phases of the software development lifecycle (SDLC), from initial design through ongoing operations, you will play a critical role in strengthening the security posture of our products and enabling business success. 

 

Responsibilities
- Lead and execute product security operations for Rakuten products, including secure development consultation, DevSecOps integration, and vulnerability management

- Lead the optimization and operation of security posture management across Rakuten’s cloud infrastructure

- Work closely with product development teams to integrate security controls throughout the product lifecycle

- Collaborate with internal and external stakeholders to ensure security requirements are met and maintained

- Provide end-to-end security support across all phases of the SDLC, from initial design through ongoing operations

- Support product teams by providing expert security guidance and practical solutions

- Continuously gather and apply threat intelligence to help products address emerging threats and vulnerabilities

求める経験・スキル

Mandatory Qualifications:
- Bachelor's degree in computer science, information security, or a related field

- 3+ years of hands-on experience in application vulnerability assessment and network penetration testing, or equivalent practical knowledge

- Experience in using, administering, and automating cloud security and vulnerability management infrastructure

- Experience in programming with one or more languages, such as Java, PHP, Python, and JavaScript

- Familiarity with vulnerability management and incident response processes

- Familiarity with DevSecOps best practices and SDLC

- Strong teamwork skills and the ability to communicate with stakeholders in a diverse environment

- Strong sense of ownership and problem-solving skills



Desired Qualifications:
- Master's degree in computer science, information security, or a related field

- Experience in using and administering enterprise security testing solutions such as SAST, DAST, and SCA

- Experience in using and administering cloud infrastructure security solution such as CSPM, CWPP and CIEM

- Experience in team development with DevOps and CI/CD tools such as GitHub Actions, Jenkins, and Terraform

- Familiarity with cloud-native technologies, such as containers, Kubernetes, and microservices

- Relevant certifications such as OSCP, OSWE, GPEN, and GCSA

- Proficiency in business-level Japanese and English