Digital Forensics & Incident Response Manager

Rakuten Symphony

The Role

Overview

Conduct DFIR for Rakuten Mobile's 4G/5G network, handling incidents and forensic analysis.

Key Responsibilities

  • security review
  • forensic analysis
  • malware analysis
  • incident response
  • vulnerability analysis
  • automation scripts

Tasks

As a member of our team, you will be responsible for digital forensics and incident response (DFIR) support across the 4G/5G mobility network for Rakuten Mobile in Japan. The team is looking for a highly technical individual to support our growing team in Japan and build a world class DFIR capability.

Role Summary: Actively investigate security events and manage incident response and digital forensic investigations across a range of computing environments, platforms, and applications, including Windows, Linux-based operating systems, mobile devices, open-source container orchestration systems, public cloud software-as-a-service applications, and in-house hosted infrastructure-as-a-service platforms.

  • Perform security reviews of firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
  • Collaborate with others in the Security Operations department to develop and implement innovative strategies for monitoring and preventing attackers.
  • Hypothesize - Practice - Validate - Shikumika. Use the Rakuten Cycle to succeed in unknown territory.
  • Develop and maintain incident response and forensic activity plans, runbooks, and other preparedness documentation.
  • Perform security triage and forensic analysis of compromised computing environments and systems including Windows, Linux, Mac OS and mobile devices.
  • Collect and analyze data to identify cyber security flaws and vulnerabilities and make recommendations that enable prompt remediation.
  • Coordinate with server owners, system custodians, and IT/Network contacts to pursue security incident response activities, including obtaining access to systems, digital forensic artifact collection, and containment and/or remediation actions.
  • Perform memory forensics and binary file analysis as needed.
  • Investigate and analyze malicious code and/or malware by performing malware analysis.
  • Provide support to prepare cyber security incident investigation reports.
  • Forensically analyze end user systems and servers found to have possible indicators of compromise.
  • Identify and propose areas for improvement within the Incident Response team.
  • Develop and maintain the IR script repository to support automated forensic artifact collection and analysis.
  • Conduct research and development on cyber security incidents and mitigations.

Requirements

  • bachelor's
  • digital forensics
  • kubernetes
  • azure
  • python
  • giac

What You Bring

  • Availability during nights/weekends as needed for DFIR activities.
  • Must possess strong oral and written communication, analytical, and problem-solving capabilities as well as excellent judgment and self-motivation.
  • Bachelor’s degree in Computer Science or related field.
  • Must have a passion for research and uncovering the unknown about cyber security threats and threat actors.
  • Ability to analyze and solve complex technical problems.
  • 4-5 years of experience in Digital Forensics and Incident Response performing incident triage, investigation, evidence collection, analysis, and reporting.
  • Knowledge of containerization, Kubernetes, Docker is a plus.
  • Experience with various forensic log artefacts found in SIEM logs, firewall logs, web server logs, AV logs, and protection logs such as HIDS and NIDS logs.
  • Familiarity with public cloud platforms (GCP/AWS/Azure).
  • Experience working in the Telecom (MNO/MVNO) sector is preferable, but not required.
  • Good understanding of data collection and preservation principles.
  • Must possess strong experience in security engineering and network technologies, operating systems and network security, common attack patterns and exploitation techniques.
  • Must possess an understanding of all aspects of incident response and digital forensics, evidence handling procedures, and conducting and managing cyber investigations and case management.
  • Understanding of common threat actor techniques (MITRE ATT&CK), malware behavior and persistence mechanisms.
  • Ability to influence decision makers with data and objective analysis.
  • Microsoft Azure and/or Office 365 platform knowledge and experience.
  • Proficient in the use of forensic tools such as FTK, EnCase, Axiom, X-Ways, Volatility, etc.
  • Applicable GIAC Certifications such as OSCP/E, GNFA, GCFE, GCFA, or GREM.
  • Must be willing to participate in on-call rotation and work after hours as needed.
  • Must have experience with scripting/programming in at least one language (e.g., Go, Python, PowerShell).
  • Prior experience using SIEM/EDR/XDR products (e.g., Splunk, QRadar, Crowdstrike, Carbon Black, Sentinel One, Tanium, Trend Micro, others) to investigate threats and perform triage activities.
  • Understanding of file systems, file types, encodings, encryption, drive structures, etc.
  • Must be able to complete multiple tasks under scheduled deadlines.

The Company

About Rakuten Symphony

  • Began as a spin-out from Rakuten Mobile’s virtualized 5G network launch.
  • Developed a cloud-native, open-interface telecom stack using commodity servers and Kubernetes.
  • Strategic partnerships with 1&1 in Europe and AT&T in the U.S. to expand Open RAN and telco-cloud services.
  • Supported by Rakuten Group’s digital ecosystem, leveraging strengths in e-commerce, fintech, and cloud services.

Sector Specialisms

Telecommunications

Cloud Infrastructure

Mobile Network Operators

Enterprise Network Solutions

Government Network Solutions

4G Infrastructure

5G Infrastructure

Open RAN Software

Network Automation

Network Orchestration

Virtualized Services

Software-Centric Mobile Services

AI-based IoT Solutions