Skip to main content

DevSecOps Engineer (m/f/d)

Rakuten Symphony

DüsseldorfOn-siteFull-Time3w ago

Description

About the Company -

Rakuten empowers through technology.

Rakuten Symphony Germany is building a nationwide mobile network based on the industry-leading Symphony platform developed from Singapore and successfully deployed in Japan. Symphony is a fully virtualized, cloud-native telco platform at the cutting edge of technology: Rakuten partners with research organizations, start-ups, and SMEs through its Network Innovation Lab on the future of OpenRAN and autonomous networks of the future. We are in the process of deploying a nation-wide mobile network in Germany.

Your Role:

As a Security Engineer within our Lab environment, you will be responsible for ensuring the security integrity of our development and deployment processes. You will drive security practices across CI/CD pipelines, DevOps tooling, and infrastructure while proactively identifying and mitigating vulnerabilities. Working closely with development teams, DevOps, and platform owners, you will play a key role in strengthening our overall security posture through testing, automation, and hands-on security assessments.

Your Responsibilities:

  • Own and oversee security testing within CI/CD pipelines, including scanning, validation, and approval of container images
  • Manage and enforce quarantine processes for high-risk artifacts pending security review
  • Perform manual validation of vulnerabilities to reduce false positives and ensure secure deployments
  • Collaborate with DevOps teams, Artifactory owners, and project managers to integrate security best practices
  • Conduct vulnerability assessments across infrastructure, applications, and network environments
  • Develop and maintain automation scripts (e.g., Python) to enhance security testing and operations
  • Validate exploitability of identified vulnerabilities and assess associated risks
  • Drive remediation efforts by defining mitigation strategies and supporting patching and fixes with development teams
  • Help Security Assurance team to plan and execute penetration tests (web, internal, external, cloud, and product-focused environments such as object storage systems)
  • Provide actionable recommendations to improve security posture based on findings
  • Help Security Assurance team to execute red team exercises to simulate real-world attack scenarios
  • Help Defensive Security team to evaluate detection and response capabilities and recommend improvements
  • Help Security Architecture team to improve security practices

Requirements:

  • Proven ability to integrate security controls into the software development lifecycle, with a solid understanding of Shift-Left Security principles
  • Proven experience in security engineering, DevSecOps, penetration testing or a similar role
  • Strong hands-on experience with CI/CD pipelines, particularly using Jenkins as well as CI/CD security tools and practices (e.g., SAST, DAST, container scanning)
  • Hands-on experience with containerization and orchestration technologies (e.g., Docker, Kubernetes), including securing container images and runtime environments
  • Experience with vulnerability assessment and penetration testing tools and methodologies
  • Experience performing web, infrastructure, and cloud penetration testing
  • Familiarity with artifact repository security (e.g., Artifactory or similar platforms)
  • Experience in scripting/automation, preferably with Python
  • Ability to assess and prioritize vulnerabilities based on risk and business impact
  • Experience conducting or participating in red team exercises
  • Solid understanding of network security, application security, and cloud security concepts
  • Strong collaboration and communication skills when working with cross-functional teams
  • Experience with secrets management solutions such as HashiCorp Vault
  • Understanding of PKI concepts, including certificate management and secure communications (consid

More jobs in Düsseldorf