Job Description
Department Overview
In Rakuten Group , the security and safety of the Internet services are guaranteed by the Cyber Security Defence Department (CSDD). CSDD covers all aspects of the System Development Life Cycle (SDLC) and operation security for all the services developed inside Rakuten Group.
Position Details
As a member of CSDD Security Audit Group, you will execute offensive security activities and vulnerability assessment tests against the wide variety of systems and will be challenged to various projects in different aspect of security while working with other peer engineers. Expected tasks ranging from but not limited to finding security vulnerabilities, writing scripts to automate security tasks, enhance the network security of Rakuten infrastructure, and provide remediation suggestions.
Responsibilities
- Perform regular and request based vulnerability assessment projects
- Provide reports and make recommendations to findings in responsive fashion
- Propose remediation and aid development teams to improve their security status
Mandatory Qualifications
- Bachelor degree or above in Computer Science, Information Security, or related field
- Minimum 2 years of experience in IT/Information Security related fields
- 2 years of experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment
- Understanding of the core concepts of web/mobile application and security issues
- experience with web application vulnerability scanner (Burp Suite, AppScan, Acunetix, Web Inspect, etc)
- Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25
- Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP request
- Proficient in one or more scripting languages, ex: Python, Ruby
- Ability to suggest/recommend remediation to fix vulnerability
- Proven knowledge of network and web application protocols
- Strong teamwork capability in a diverse team environment
- Ability to work in a highly diverse environment
Desired Qualifications
- Experience in Web/Mobile application development
- Experience in using major web frameworks
- Experience with at least one major commercial cloud environment
- Experience in a diverse workplace, and work well in a team environment
- Holder of any security-related certifications, ex: CEH, OSCP
- Strong verbal and written communications skill
- Strong ownership and sense of responsibility ‘
Languages
English (Overall – 4 – Fluent)