Offensive Security Lead

Why should you choose us?

Are you interested in working for a Global Leader in E-commerce? Are you excited about working on highly scalable platforms and applications that are accessed by millions of users every day? If so, read on to find out more about the opportunity.

Rakuten Symphony is a Rakuten Group company, providing global B2B services for the mobile telco industry and enabling next-generation, cloud-based, international mobile services. Building on the technology Rakuten used to launch Japans newest mobile network, we are taking our mobile offering global. To support our ambitions to provide an innovative cloud-native telco platform for our customers, Rakuten Symphony is looking to recruit and develop top talent from around the globe. We are looking for individuals to join our team across all functional areas of our business from sales to engineering, support functions to product development. Lets build the future of mobile telecommunications together!

About Rakuten Rakuten Group, Inc. (TSE: 4755) is a global leader in internet services that empower individuals, communities, businesses and society. Founded in Tokyo in 1997 as an online marketplace, Rakuten has expanded to offer services in e-commerce, fintech, digital content and communications to approximately 1.5 billion members around the world. The Rakuten Group has over 27,000 employees, and operations in 30 countries and regions. For more information visit https://global.rakuten.com/corp/.

About Department

Security Assurance Department is responsible for maintaining organization wide security. The department has four sections of which Penetration Testing section is in-charge of performing red teaming, regular black-box, white box, and grey box tests on all network functions and devices, conducting in-depth penetration tests as well as keeping up with recent weaknesses and vulnerabilities. The team is also responsible of verifying software security for any source code developed by Rakuten Mobile, security testing of Apps and security testing of Rakuten Mobile devices.

Job duties

We are looking for a Security Engineering professional who will conduct offensive security engagements, lead a team of cybersecurity professionals, develop strategies to improve the organization's security posture, and ensure compliance with relevant laws and regulations.

• Conducting infrastructure and application red team exercises and penetration tests
• Designing and implementing simulated attacks to identify potential security vulnerabilities preferably in Telco mobile environment
• Leading and managing a team of cybersecurity professionals.
• Developing strategies for improving the organization's security posture.
• Collaborating with the IT and security teams to address security vulnerabilities.
• Staying up to date with the latest trends and developments in cybersecurity.
• Preparing reports detailing the results of simulated attacks and making recommendations for improvements.
• Providing training to employees on cybersecurity best practices.
• Ensuring compliance with relevant laws, regulations, and industry standards.
• Assisting in the development of security policies and procedures.
• Proficiency in penetration testing tools (e.g., Metasploit, Nmap, Burp suite, Wireshark).
• Strong understanding of networking, operating systems, and programming (Python,
  PowerShell).
• Experience with social engineering tactics and tools (e.g., Social Engineering Toolkit).
• Excellent analytical and problem-solving skills.

Minimum Qualification

• Bachelor's degree in computer science, information technology, cybersecurity, or a related field.
• 8+ years of experience in offensive security/Red team
• Strong knowledge of various hacking techniques and the ability to think like a hacker.

Preferred Qualification

• Cloud Security experience in GCP, AWS, and Azure.
• Knowledge of Containerization, Kubernetes, and Docker.
• Resilient and approachable with the ability to work successfully in a dynamic, fast-paced environment.
• Experience in CTF competitions or Bug Bounty programs.
• Experience in Web and mobile (iOS/Android) application testing.
• Experience in malware analysis/reverse engineering.
• Experience in Internet of Things (IoT) security and exploitation.
• High responsibility, professional mindset.
• Experience in performing log analysis and incident responses.
• Ability to work under pressure.
• A self-starter able to work independently but comfortable and effective working in a team environment.
• Familiarity with threat modeling and risk assessment methodologies.
• Strong communication skills for reporting and presenting findings.

Certifications :

Offensive Security Certified Professional (OSCP), CompTIA PenTest+, GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), Certified Red Team Operations Professional (CRTOP), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), and Global Information Assurance Certification (GIAC) Web Application Penetration Tester (GWAPT).

A combination of these certifications, along with practical experience, is essential for this role.