
Job Title:

Cyber Threat Investigator

Company: Rakuten Symphony

Location: Bengaluru, Karnataka

Created: 2026-03-29

Job Type: Full Time

Job Description:

Rakuten Symphony is reimagining telecom, changing supply chain norms and disrupting outmoded thinking that threatens the industry’s pursuit of rapid innovation and growth. Based on proven modern infrastructure practices, its open interface platforms make it possible to launch and operate advanced mobile services in a fraction of the time and cost of conventional approaches, with no compromise to network quality or security. Rakuten Symphony has operations in Japan, the United States, Singapore, India, South Korea, Europe, and the Middle East Africa region. For more information, visit: on the technology Rakuten used to launch Japan’s newest mobile network, we are taking our mobile offering global.

To support our ambitions to provide an innovative cloud-native telco platform for our customers, Rakuten Symphony is looking to recruit and develop top talent from around the globe. We are looking for individuals to join our team across all functional areas of our business – from sales to engineering, support functions to product development.

Let’s build the future of mobile telecommunications together!

About Rakuten

Rakuten Group, Inc. (TSE: 4755) is a global leader in internet services that empower individuals, communities, businesses and society. Founded in Tokyo in 1997 as an online marketplace, Rakuten has expanded to offer services in e-commerce, fintech, digital content and communications to approximately 1.5 billion members around the world. The Rakuten Group has over 27,000 employees, and operations in 30 countries and regions. For more information visit you will work with: Rakuten Mobile, Inc. is an entity established for the launch of its mobile carrier business as an MNO (Mobile Network Operator). We aim to provide the most competitive and convenient service to meet our customers’ needs and demands via the innovative use of technology. Defining future world-standard innovations in the MNO industry, we continually challenge ourselves and capabilities.

We are looking for talented individuals who are interested in partnering with us to create and deliver world-class solutions.

In this role, you will be responsible for leading various digital forensics and incident response (DFIR) activities across the 4G/5G mobility network for Rakuten Mobile in Japan. The team is looking for a highly technical individual with hands-on technical experience and leadership qualities to support our growing team in Japan and build a world-class DFIR capability.

Role Summary:

Actively investigate security events and manage incident response and digital forensic investigations across a range of computing environments, platforms, and applications, including Windows, Linux-based operating systems, Mobile Devices, Open-Source Container Orchestration systems, public cloud software-as-a-service applications, and in-house hosted infrastructure-as-a-service platforms.

Detailed Roles & Responsibilities:

- Perform security triage and forensic analysis of compromised computing environments and systems including Windows, Linux, Mac OS and Mobile devices.
- Forensically analyze end user systems and servers found to have possible indicators of compromise.
- Perform security reviews of firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
- Collect and analyze data to identify cyber security flaws and vulnerabilities and make recommendations that enable prompt remediation.
- Perform memory forensics and binary file analysis as needed.
- Investigate and analyze malicious code and/or malware by performing malware analysis.
- Develop and maintain incident response and forensic activity plans, runbooks, and other preparedness documentation.
- Coordinate with server owners, system custodians, and IT/Network contacts to pursue security incident response activities, including obtaining access to systems, digital forensic artifact collection, and containment and/or remediation actions.
- Develop and maintain IR script repository to support automated forensic artifact collection and analysis.
- Lead and mentor a team of DFIR analysts with guidance and support during incident analysis.
- Provide support to prepare cyber security incident investigation report.
- Identify and propose areas for improvement within the Incident Response team.
- Availability during nights/weekends as needed for DFIR activities.
- Conduct research and development on cyber security incidents and mitigations.
- Collaborate with others in the Security Operations department to develop and implement innovative strategies for monitoring and preventing attackers.

Minimum Requirements:

- Bachelor’s degree in Computer Science or related field.
- 7-10 years of experience in Digital Forensics and Incident Response performing Incident Triage, Investigation, Evidence collection, analysis, and reporting.
- Good understanding of data collection and preservation principles.
- Understanding of file system, file types, encodings, encryptions, drive structures etc.
- Proficient in the use of forensic tools such as FTK, EnCase, Axiom, X-Ways, Volatility, etc.
- Experience with various forensic log artefacts found in SIEM logs, Firewall logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs.
- Prior experience using SIEM/EDR/XDR products (e.g., Splunk, QRadar, ELK, CrowdStrike, Spyderbat, Carbon Black, SentinelOne, Tanium, Trend Micro, others) to investigate threats and perform triage activities.
- Must have experience with scripting/programming in at least one language (e.g., Go, Python, PowerShell).
- Must possess strong experience in security engineering and network technologies, Operating Systems and network security, common attack patterns and exploitation techniques.
- Must possess an understanding of all aspects of incident response and digital forensics, evidence handling procedures, conducting, and managing cyber investigations and case management.
- Understanding of common threat actor techniques (MITRE ATT&CK), malware behavior and persistence mechanisms.
- Ability to analyze and solve complex technical problems.
- Must be able to complete multiple tasks under scheduled deadlines.
- Must be willing to participate in on-call rotation and work after hours as needed.
- Ability to influence decision makers with data and objective analysis.
- Must possess strong oral and written communication, analytical, and problem-solving capabilities as well as excellent judgment and self-motivation.
- Must have a passion for research and uncovering the unknown about cyber security threats and threat actors.
- Familiarity with Public Cloud platforms (GCP/AWS/Azure).
- Knowledge of Containerization, Kubernetes, Docker is a plus.

Preferred Requirements:

- Applicable GIAC Certifications such as OSCP/E, GNFA, GCFE, GCFA, or GREM.
- Microsoft Azure and/or Office 365 platform knowledge and experience.
- Experience working in Telecom (MNO/MVNO) sector is preferable, but not required.
