Senior Cyber Threat Hunter (RMI Security Eng. & Ops Dep)

Rakuten
Full-time
On-site
Tokyo, Japan

Job Description:

About Organization

Rakuten Mobile, Inc. is an entity established for the launch of its mobile carrier business as an MNO (Mobile Network Operator). We aim to provide the most competitive and convenient service to meet our customer needs and demands via the innovative use of technology. Defining future world-standard innovations in the MNO industry, we continually challenge ourselves and our capabilities.

The Security Engineering & Operations Department at Rakuten Mobile is at the forefront of protecting our innovative mobile network infrastructure and services. We are building a robust cyber defense organization to safeguard our customers and operations from evolving cyber threats. We are looking for talented individuals who are interested in working with us to create and deliver world-class security solutions.

We are seeking a senior Threat Hunter to join our growing cyber defense organization. This role is crucial for proactively identifying and mitigating advanced threats, ensuring the resilience and security of our cutting-edge mobile network.

Job Duties

The Senior Cyber Threat Hunter will play a critical role in strengthening Rakuten Mobile's cyber defense posture. This position requires a highly proactive, detail-oriented, and process-driven individual who can translate hunting outcomes into clear, actionable recommendations for improving security and mitigating future risks.

Key Responsibilities:

  • Proactive Threat Hunting: Develop and execute hypothesis-driven campaigns, meticulously analyzing large volumes of log, endpoint, and network data to uncover anomalous or malicious activity, and thoroughly documenting findings.
  • Adversary Research: Research and track adversary Tactics, Techniques, and Procedures (TTPs), leveraging frameworks like MITRE ATT&CK to build and test threat hypotheses beyond simple Indicator of Compromise (IOC) searches.
  • Actionable Security Improvements: Translate hunting outcomes into actionable security enhancements, creating detection logic, data requirements, false positive guidance, and validation steps for new and refined detections.
  • Collaboration & Improvement: Collaborate closely with the Detection Engineering team to enhance detection rules and playbooks, and contribute to the continuous improvement of hunting methodologies.
  • Incident Support: Partner with Cyber Threat Intelligence, Incident Response, and SOC teams to operationalize threat insights, provide support during incidents, and assist in investigation and containment efforts.
  • Technical Analysis: Perform in-depth technical analysis of attacker tradecraft, including lateral movement, persistence, and exfiltration techniques, to understand attack vectors and establish intrusion chains.
  • Tool Utilization: Utilize advanced security tools such as SIEM, UEBA, and forensic analysis platforms to conduct hunts and confirm threats.
  • Automation: Automate analysis and detection processes using scripting languages (e.g., Python, PowerShell) to improve efficiency and scale.
  • Continuous Learning: Stay current with the evolving threat landscape and emerging adversary techniques to maintain effective threat hunting capabilities.

Minimum Qualifications

  • Experience:
    • Minimum of 10-12 years of experience in cybersecurity, with strong expertise in Cyber Threat Hunting.
    • Demonstrable experience in Incident Response and Forensics.
    • Exposure to Security Operations, Threat Intelligence, and Malware Analysis.
  • Education: Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
  • Technical Skills & Knowledge:
    • In-depth knowledge of the MITRE ATT&CK framework, including the ability to map adversary behaviors to understand attack vectors and predict potential threats.
    • Strong understanding of enterprise network architecture, including advanced networking concepts (e.g., TCP/IP, routing, firewalls, VPNs), networking protocols, deep packet inspection, and network traffic analysis.
    • Expertise in telecommunication protocols and infrastructure, particularly those relevant to mobile environments (e.g., 4G/5G, SS7, Diameter, GTP), and the ability to identify threats within these specialized networks.
    • Deep understanding of cloud-native environments, including Kubernetes and container orchestration, with proven experience in hunting for threats and anomalies within these complex infrastructures.
    • Demonstrated experience with major cloud platforms (e.g., AWS, Azure, GCP) and their native security services, with the ability to perform threat hunting across diverse cloud environments.
    • Experience and strong interest in leveraging advanced AI capabilities, including Machine Learning (ML) models and Large Language Models (LLMs), to enhance threat hunting, automate analysis, and improve operational efficiency.
  • Soft Skills:
    • Exceptional analytical expertise, critical thinking, and problem-solving skills, with a keen attention to detail.
    • Knowledge of secure architecture and design principles, with the ability to identify potential weaknesses and propose proactive hunting strategies based on system design.
    • Excellent written and verbal communication skills, with the ability to present complex technical information and metrics clearly to both technical and non-technical audiences.
    • Demonstrated strong documentation discipline, capable of producing repeatable work and facilitating clean handoffs.
    • Ability to work effectively in a fast-paced, operational environment, including flexibility for non-standard work hours in response to cybersecurity incidents.
    • A strong aptitude for continuous learning and adapting quickly to new technologies and threat landscapes.
    • Understanding of regulatory compliance and data privacy requirements relevant to cybersecurity operations.

Preferred Qualifications

  • Industry certifications such as SANS FOR508, CISSP.

Languages:

English (Overall - 3 - Advanced)