Security Generalist (Cloud Platform Security Group):CPD

    0
    2346

    Rakuten

    In the Cloud Platform Department (CPD), we aim to build and maintain robust infrastructure platform solutions that enable and empower Rakuten’s businesses around the world.

    Cloud Platform Department in Rakuten offers a wide range of services and products to Rakuten Group Services through our a cloud platform including but not limited to IaaS, PaaS, SaaS, Cloud Storage, CI & CD Pipelines, Image Delivery, Network as a Service.

    The successful candidate will work in a Kubernetes-based in-house cloud computing environment with the main objective of helping secure the computing environment.

    The main responsibilities include helping with PCI DSS compliance and related activities such as providing consultation, assessing further security requirements and suggesting mitigations.

    Additionally, the candidate will need to create proof of concept installations for a particular security tools and consequent administration of said tool. Therefore, the candidate should have engineering and system administration experience.

    Thanks to the detailed knowledge of department’s computing environment, the candidate will act as bridge to the company’s Cyber Security Defense Department and the Information Security & Privacy Governance Department (ISPD) and help with communication between the products’ development teams and the mentioned departments.

    Responsibilities:

    • Implement open-source/third-party tools to assist in detection, prevention and analysis of security threats
    • Suggest implementation of protections (patch management, compensatory controls)
    • Analyze ACLs/firewall rules, provide suggestions on configuration and possible improvements
    • Conduct periodic security scans to find any vulnerability
    • Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior. Work with CSDD on improving filtering
    • Operate department-owned security tools
    • Investigate security incidents and escalate according to defined processes
    • Act as a bridge between security alerts from SOC and affected products owner and development team
    • Cooperate with ISPD and CSDD in case of security incidents
    • Advise product development teams on PCI DSS-related questions

    Read More…