DevSecOps Engineer (m/f/d)
Rakuten Symphony
Description
About the Company:
Rakuten empowers through technology.
Rakuten Symphony Germany is building a nationwide mobile network based on the industry-leading Symphony platform developed from Singapore and successfully deployed in Japan. Symphony is a fully virtualized, cloud-native telco platform at the cutting edge of technology: through its Network Innovation Lab, Rakuten partners with research organizations, start-ups, and SMEs on the future of OpenRAN and autonomous networks. We are in the process of deploying a nationwide mobile network in Germany.
Your Role:
As a Security Engineer within our Lab environment, you will be responsible for ensuring the security integrity of our development and deployment processes. You will drive security practices across CI/CD pipelines, DevOps tooling, and infrastructure while proactively identifying and mitigating vulnerabilities. Working closely with development teams, DevOps, and platform owners, you will play a key role in strengthening our overall security posture through testing, automation, and hands-on security assessments.
Your Responsibilities:
- Own and oversee security testing within CI/CD pipelines, including scanning, validation, and approval of container images
- Manage and enforce quarantine processes for high-risk artifacts pending security review
- Perform manual validation of vulnerabilities to reduce false positives and ensure secure deployments
- Collaborate with DevOps teams, Artifactory owners, and project managers to integrate security best practices
- Conduct vulnerability assessments across infrastructure, applications, and network environments
- Develop and maintain automation scripts (e.g., Python) to enhance security testing and operations
- Validate exploitability of identified vulnerabilities and assess associated risks
- Drive remediation efforts by defining mitigation strategies and supporting patching and fixes with development teams
- Help the Security Assurance team plan and execute penetration tests (web, internal, external, cloud, and product-focused environments such as object storage systems)
- Provide actionable recommendations to improve security posture based on findings
- Help the Security Assurance team execute red team exercises to simulate real-world attack scenarios
- Help the Defensive Security team evaluate detection and response capabilities and recommend improvements
- Help the Security Architecture team improve security practices
Requirements:
- Proven ability to integrate security controls into the software development lifecycle, with a solid understanding of Shift-Left Security principles
- Proven experience in security engineering, DevSecOps, penetration testing or a similar role
- Strong hands-on experience with CI/CD pipelines, particularly using Jenkins, as well as with CI/CD security tools and practices (e.g., SAST, DAST, container scanning)
- Hands-on experience with containerization and orchestration technologies (e.g., Docker, Kubernetes), including securing container images and runtime environments
- Experience with vulnerability assessment and penetration testing tools and methodologies
- Experience performing web, infrastructure, and cloud penetration testing
- Familiarity with artifact repository security (e.g., Artifactory or similar platforms)
- Experience in scripting/automation, preferably with Python
- Ability to assess and prioritize vulnerabilities based on risk and business impact
- Experience conducting or participating in red team exercises
- Solid understanding of network security, application security, and cloud security concepts
- Strong collaboration and communication skills when working with cross-functional teams
- Experience with secrets management solutions such as HashiCorp Vault
- Understanding of PKI concepts, including certificate management and secure communications (consid