Job description

Job Description:

Department Overview

In Rakuten Group, Inc., security and safety of the internet services are guaranteed by Cyber Security Defense Department (CSDD), the core of Rakuten-CERT. Rakuten Security Team has been fighting against various cyber threats, and Cyber Threat Intelligence Team is in charge of Threat Intelligence activities for Rakuten group companies and we're looking for Threat Intelligence Analyst.

Position:

Position Details

Responsibilities:

- Lead and coordinate the response to cybersecurity incidents, including detection, containment, eradication, and recovery, while ensuring clear communication and collaboration across teams.

- Analyze logs from various sources (e.g., firewalls, SIEM, IDS/IPS, endpoint detection tools) to identify threats, investigate anomalies, and determine the scope and impact of incidents.

- Perform digital forensic investigations on compromised systems, including memory dumps, disk images, and network traffic, while preserving evidence in accordance with legal and organizational requirements.

- Use tools to quickly analyze malicious files, scripts, and executables to identify indicators of compromise (IOCs) and take necessary actions for containment, blocking, and mitigation.

- Prepare detailed incident reports, including root cause analysis, impact assessments, and recommendations for improvement, and communicate findings to stakeholders, including technical teams and management.

- Proactively identify and recommend improvements to security controls, processes, and tools to reduce the likelihood of future incidents, and conduct threat hunting activities to mitigate risks.

- Provide guidance and training to internal teams on incident response best practices and stay up-to-date with the latest cybersecurity trends, tools, and techniques.

Mandatory Qualifications:

- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience).
- 3+ years of experience in cybersecurity, with a focus on incident response, digital forensics, or threat detection.

- Strong knowledge of security tools and technologies, such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability scanners.

- Proficiency in log analysis and familiarity with log formats (e.g., syslog, Windows Event Logs).

- Hands-on experience with Incident Response (IR) processes and methodologies.

- Familiarity with scripting and automation (e.g., Python, PowerShell, Bash) to streamline incident response processes.

- Strong sense of ownership and responsibility.

- Excellent problem-solving, analytical, and communication skills.

- Ability to work under pressure and handle multiple incidents simultaneously.

Desired Qualifications:

- Relevant certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), or Certified Ethical Hacker (CEH).

- Experience handling escalated cases from a Security Operations Center (SOC).

- Hands-on experience with forensic tools (e.g., EnCase, FTK, Volatility) and malware analysis tools (e.g., Cuckoo Sandbox, VirusTotal).

- Experience with cloud security and incident response in cloud environments (e.g., AWS, Azure, Google Cloud).

- Knowledge of MITRE ATT&CK framework and its application in threat detection and response.

- Ability to communicate in Japanese.

#engineer
#technologymanagementdivision
#securityengineer

Required profile