Coupang is one of the largest and fastest growing e-commerce platforms on the planet. We are on a mission to revolutionize everyday lives for our customers, employees and partners. We solve problems no one has solved before to create a world where people ask, “How did we ever live without Coupang?” 

Coupang is a global company with offices in Beijing, Los Angeles, Seattle, Seoul, Shanghai, and Silicon Valley. 

Job Overview 

As our Cyber Security Incident Response Lead (CSIRT), you will be a part of our special forces within the BlueTeam. You must have a calm and collected mannerism in high-pressure and time sensitive situations, think like both an attacker and defender, and work with relevant teams to take the right and timely actions to analyse, respond and neutralise attacks.

The BlueTeam is responsible for the detection and response to credible threats. We work hands-on developing detective capabilities, identifying mitigations to vulnerabilities and respond to potential threats to Coupang systems. BlueTeam CSIRT Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis.

The Senior/Principal Security Engineering position requires an experienced CSIRT personnel that have expert working knowledge in IR, investigation and hunt techniques, root-cause security flaws and vulnerabilities, quickly assessing the potential cyber threats, and educating other members of the broader team. Security Engineers are also expected to develop elegant solutions to complex problems and apply appropriate technologies while following security engineering best practices.

Key Responsibilities: 

  • Monitoring, identification and response to cyber security incidents
  • Cyber security investigation at the network, endpoint and cloud
  • Host based and Network packet capture/traffic analysis
  • SIEM Rule development and fine tuning to detect security incidents and anomalies
  • Conduct research and analysis on local and worldwide cyber threat streams against Coupang
  • CSIRT Team and cyber investigations lead

Qualifications:

  • Successfully respond and investigate security incidents (live or post mortem) up to root cause level (either as lead or support role in the follow-the-sun delivery model)
  • As an outcome of investigations, provide recommendations to build secure infrastructure to prevent future attacks with similar TTPs. This done through deep understanding of information security fundamentals including endpoint protection, network topology, segmentation, switching and routing and web application security.
  • Continuously assist the SOC to development and finetune rulesets to identify threats and incidents and minimize false positives.
  • Successfully lead major investigations that require multiple team members
  • Seasoned IR lead that are able to remotely manage a team of responders and investigators.
  • Effectively manage the different business and IT stakeholders affected by a major incident
  • Provide situational awareness on cyber threats, actors and TTPs relevant to Coupang and related industries in a local, regional and global coverage
  • Provide effective leadership during IR and investigations
  • Provide business risk assessments of cyber threats and technical vulnerabilities
  • Develop technical and executive incident and investigation reports
  • Delivery of Cyber Threat Intelligence (CTI) products
  • Present situational awareness, findings and recommendations to management and executives
  • Oversee and monitor routine security administration
  • Manage and mentor a dedicated team of analysts and investigators
  • Define access privileges, control structures and resources
  • Research and recommend security controls
  • Provide technical advice to colleagues across different business units
  • Defend systems against unauthorized access, modification and/or destruction
  • Identify abnormalities and report violations
  • Respond immediately to security incidents and provide post-incident analysis
  • Conduct data breach and security incident investigations
  • Conduct APT and Adversary hunt
  • Liaison with other cyber threat analysis entities
  • Design and conduct security audits to ensure operational security
  • Perform network and host vulnerability assessment and risk analysis
  • Experience with AWS Cloud service

 Preferred

  • 7+ years of experience in information security with at least 3+ years in cyber incident response or digital investigations
  • BS degree or equivalent practical experience
  • Experienced in driving change (organizational, cultural and process) needed to respond to current and emerging threats
  • Working knowledge in delivering the complete CTI (Cyber Threat Intelligence) lifecycle
  • Working knowledge of Host based security investigation (Windows, Linux, Network/Security appliances)
  • Working knowledge of Operating SIEM and CTI (Cyber Threat Intelligence) Solutions and developing use cases
  • Current understanding of Network Traffic/Packet analysis and forensic
  • Current understanding of Operating IPS/IDS, Network Monitoring solutions, Net flow collector and analyzer
  • Current understanding of Operating EDR (Endpoint Detection and Response) system and tools such as CarbonBlack, CrowdStrike, EnCase-EDR, FTK, Volatility memory forensic, etc.
  • Knowledge of application security such as Web application, Mobile app traffics, etc.
  • Ability to work independently on your own in a satellite / remote office where team support are dispersed globally and HQ in Korea.
  • Ability to be flexible and work during non-business hours (to support a global team in different time zones)
  • Certified in one or more of the following: CISSP, CISA, CCNA, CISM, SANS GIAC
  • Knowledge of Web Services (HTTP, HTML, AWS, REST, SOAP, Atom)
  • Experienced in Automation and Script (Linux shell, Python, Perl, Powershell)
  • Experienced in developing using Log Search (ELK, Splunk), TSDB (Time series DB)

Perks:

  • Autonomy to make decisions in a rapidly growing company 
  • Free medical, dental, and vision insurance 
  • 18 days PTO + 12 national holidays off 
  • 401K matching 
  • Pre-IPO stock options 
  • Mobile & fitness reimbursement 
  • Catered lunches

Coupang is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or gender (including pregnancy, gender identity, gender expression, sexual orientation, transgender status), national origin, age, disability, medical condition, HIV/AIDS or Hepatitis C status, marital status, military or veteran status, use of a trained dog guide or service animal, political activities, affiliations, citizenship, or any other characteristic or class protected by the laws or regulations in the locations where we operate. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at usrecruiting@coupang.com.

Apply for this Job

* Required

  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Coupang are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 1/31/2020

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

Because we do business with the government, we must reach out to, hire, and provide equal opportunity to qualified people with disabilities1. To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • HIV/AIDS
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)
Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.