bout our company

SMALL WORLD is a Japanese consultancy with more than 10 years of experience in hiring and serving candidates from all around the world. We help them make a smooth transition while giving them job security.

For more information, please visit: www.smallworld.asia

The positions available are permanent positions with our company, SMALL WORLD, and contractual with Rakuten. This means that you will be working in Rakuten HQ but you will be on our payroll with all the benefits of a regular full-time employee.

***

Software Security Testing Specialist at Rakuten(Haken)

Language Requirement:

English - Business level

Japanese - (JLPT N3 or higher).

Position details:

This position will primarily focus on providing comprehensive support for vulnerability remediation and audits, ensuring effective and efficient resolution of vulnerabilities reported by scanners during DevSecOps. While security testing responsibilities are included, the main focus of this role is to assist development teams in remediating vulnerabilities.

The person should be a passionate security professional with excellent communication skills who pays attention to detail to understand, explain, and track vulnerabilities.

【Responsibilities/ 担当業務】

* Vulnerability Remediation Support

* Provide support for remediating vulnerabilities identified through DevSecOps scanners (e.g., SAST, DAST, SCA).

* Assist development teams in understanding vulnerability reports and recommending appropriate remediation strategies.

* Assist in reviewing security remediation or justification evidence provided by development teams to ensure effectiveness and compliance with security policies.

* Manage vulnerability remediation status on internal ticket system, ensuring timely updates, proper tracking, and escalation of overdue items.

* Collaborate with security engineers and developers to improve the overall vulnerability management process.

* Act as a primary point of contact for development teams regarding vulnerability remediation efforts.

* Proactively communicate with development teams to ensure timely remediation of vulnerabilities.

* Security Testing on Web Application/API

* Application penetration testing to discover the vulnerability of target web applications and APIs, following industry standards such as the OWASP web security testing methodology using Burp Suite.

* Network scan using tools such as Nmap and Nessus.

* Create vulnerability tickets to report the findings during security testing and share them during the debriefing meeting.

* Conduct kick-off meetings and connection checks to ensure the provided test information is sufficient before starting the security testing.

* Vulnerability management includes follow-up and re-verification of vulnerabilities after remediation.

Required Skills/必須スキル：

* Understanding of common web application vulnerabilities (OWASP Top 10) and remediation techniques.

* Experience with vulnerability scanners (SAST, DAST, SCA) and their output.

* Familiarity with JIRA or other ticketing systems.

* Excellent written and verbal communication skills, with the ability to explain technical concepts to both technical and non-technical audiences.

Desired Skills/希望スキル：

* Public cloud security knowledge and/or mobile application security testing experience would be a plus.

* Experience in a DevSecOps environment.

* Security certifications (e.g., Security+, CEH, CISSP).

* Japanese language proficiency (JLPT N3 or higher).