Network Fraud and Core Security Engineer (m/f/d)

None  •  IT & Software  •  Düsseldorf, Germany

<div class="show-more-less-html__markup show-more-less-html__markup--clamp-after-5 relative overflow-hidden"> <p><strong>About the company -</strong></p><p>Rakuten Symphony is a Rakuten Group company, providing global B2B services for the mobile telco industry and enabling next-generation, cloud-based, international mobile services.</p><p>Building on the technology Rakuten used to launch Japan’s newest mobile network, we are taking our mobile offering global. Let’s build the future of mobile telecommunications together!</p><p><br/></p><p><strong>About the role -</strong></p><p>We’re hiring an expert to strengthen our network security posture across telecom signaling and fraud prevention, and to operate our Lawful Interception (LI) capabilities in compliance with applicable regulations. You’ll own day-to-day operation, tuning, and evolution of our SS7, Diameter, SIP, and GTP-C firewalls, help detect and prevent fraud and signaling abuse, and manage LI provisioning and delivery with rigor, privacy, and auditability.</p><p><br/></p><p><strong>What you’ll do:</strong></p><p>• Operate, administer, and optimize signaling firewalls:</p><p>• SS7 firewall (MAP/CAP/TCAP/SCCP/SIGTRAN)</p><p>• Diameter security and DRA/Diameter firewall (e.g., S6a, S9, S13, Cx/Dx, Sh)</p><p>• SIP/IMS security (VoLTE/VoWiFi, SBC policy, TLS, topology hiding)</p><p>• GTP-C firewall (GTPv2-C on S5/S8/S11; awareness of GTP-U risks)</p><p>• Build and tune rules, policies, signatures, and machine-learning/heuristic detections for:</p><p>• Location tracking and subscriber profiling attempts</p><p>• SMS/call interception, spoofing, SIMbox, IRSF/Wangiri, PBX toll fraud</p><p>• Signaling storms, flooding/DoS, malformed message fuzzing, tunnel hijack</p><p>• Roaming/interconnect threats across SS7/GRX/IPX/S8</p><p>• Lead incident response for signaling and fraud events:</p><p>• Run packet/pcap analysis and protocol call-flow troubleshooting (Wireshark)</p><p>• Coordinate with NOC/SOC, Core/IMS, Roaming, and Fraud Ops</p><p>• Define and track KPIs, write post-incident reports, and drive corrective actions</p><p>• Lawful Interception (LI) operations:</p><p>• Provision, activate, and deactivate LI in accordance with legal warrants/orders</p><p>• Operate and maintain LI mediation and delivery platforms (HI1/HI2/HI3)</p><p>• Ensure data integrity, chain-of-custody, logging, and audit-readiness</p><p>• Liaise with Legal/Compliance and, when required, with LEAs; ensure strict privacy controls</p><p>• Automation and integration:</p><p>• Develop playbooks and automation for rule deployment, testing, and reporting (Python/Bash/REST APIs/Ansible)</p><p>• Architecture and hardening:</p><p>• Advise on security for core/IMS/5G SBA (MME/SGSN/PGW/SMF/AMF/UDM/UDR/NRF/SCP/SEPP)</p><p>• Contribute to roadmap for 5G interconnect security (SEPP, TLS, PRINS), API/SBI protections (HTTP/2, OAuth2/MTLS)</p><p>• Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR/local privacy)</p><p><br/></p><p><strong>What you’ll bring:</strong></p><p>• 5+ years in telecom core networking or signaling security/fraud prevention</p><p>• Deep protocol expertise:</p><p>• SS7: MAP, CAP, TCAP, SCCP, SIGTRAN (M3UA/SUA)</p><p>• Diameter: core stack and apps (S6a/S9/S13/Cx/Dx/Sh/Gx/Gy)</p><p>• SIP/IMS: SBCs, VoLTE/VoWiFi, IMS call flows, TLS and topology hiding</p><p>• GTPv2-C (and awareness of GTP-U risks) in EPC/5GC contexts</p><p>• Hands-on with at least one major signaling firewall platform (e.g., Mobileum, Enea/AdaptiveMobile, Positive Technologies, NetNumber/TITAN, Nokia/Oracle/HPE/ERICSSON equivalents)</p><p>• Strong pcap/trace analysis and troubleshooting skills (Wireshark, call-flow tools)</p><p>• Experience operating LI platforms (e.g., Verint, SS8, Utimaco, NICE, Ericsson/HPE LI mediation), and working knowledge of:</p><p>• ETSI TS 101 671, ETSI TS 102 232 series</p><p>• 3GPP TS 33.106/33.107/33.108; 33.127 (EPC LI), 33.128 (5G LI)</p><p>• CALEA or relevant local LI regulations</p><p>• Familiarity with GSMA/3GPP security guidance (e.g., GSMA FS.11/FS.19/FS.20, 3GPP TS 33.501 for 5G security)</p><p>• Scripting/automation: Python/Bash; exposure to REST APIs, Ansible/Git; basic CI/CD practices</p><p>• Solid understanding of core nodes: HLR/HSS/AuC, STP/DRA/DEA, MME/SGSN, PGW/GGSN, PCRF/PCF, SBC/IMS, AMF/SMF/UPF, SEPP</p><p>• Excellent written documentation, stakeholder communication, vendor management and cross-team collaboration</p><p>• Willingness to participate in on-call rotation and pass background checks</p> </div>

Job Overview
  • Datum der Veröffentlichung

    Jun 04, 2026

  • Kategorie

    IT & Software

  • Job Type

  • Standort

    Düsseldorf, Germany

  • Arbeitgeber

    Rakuten Symphony

  • Source

    LinkedIn