Coupang is one of the largest and fastest growing e-commerce platforms on the planet. We are on a mission to revolutionize everyday lives for our customers, employees and partners. We solve problems no one has solved before to create a world where people ask, “How did we ever live without Coupang?” 

Coupang is a global company with offices in Beijing, Los Angeles, Seattle, Seoul, Shanghai, and Silicon Valley. 

Job Overview 

As our Cyber Security Incident Response Lead (CSIRT) for our Seattle office, you will be a part of our special forces within the BlueTeam. You must have a calm and collected manner in high-pressure and time-sensitive situations, think like both an attacker and a defender, and work with relevant teams to take the right and timely actions to analyze, respond to and neutralize attacks.

The BlueTeam is responsible for detecting and responding to credible threats. We work hands-on developing detective capabilities, identifying mitigations for vulnerabilities and responding to potential threats to Coupang systems. BlueTeam CSIRT Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis.

The Senior Engineering Lead position requires an experienced CSIRT professional with expert working knowledge of IR, investigation and hunt techniques, who can root-cause security flaws and vulnerabilities, quickly assess potential cyber threats, and educate other members of the broader team. Security Engineers are also expected to develop elegant solutions to complex problems and apply appropriate technologies while following security engineering best practices.

Key Responsibilities: 

  • Monitoring, identification and response to cyber security incidents
  • Cyber security investigation at the network, endpoint and cloud
  • Host-based and network packet capture/traffic analysis
  • SIEM rule development and fine-tuning to detect security incidents and anomalies
  • Conduct research and analysis on local and worldwide cyber threat streams against Coupang
  • CSIRT Team and cyber investigations lead


  • Successfully respond to and investigate security incidents (live or post mortem) up to root cause level (either as lead or support role in the follow-the-sun delivery model)
  • As an outcome of investigations, provide recommendations to build secure infrastructure to prevent future attacks with similar TTPs. This is done through a deep understanding of information security fundamentals including endpoint protection, network topology, segmentation, switching and routing and web application security.
  • Continuously assist the SOC in developing and fine-tuning rule sets to identify threats and incidents and minimize false positives.
  • Successfully lead major investigations that require multiple team members
  • Seasoned IR lead who is able to remotely manage a team of responders and investigators.
  • Effectively manage the different business and IT stakeholders affected by a major incident
  • Provide situational awareness on cyber threats, actors and TTPs relevant to Coupang and related industries in a local, regional and global coverage
  • Provide effective leadership during IR and investigations
  • Provide business risk assessments of cyber threats and technical vulnerabilities
  • Develop technical and executive incident and investigation reports
  • Delivery of Cyber Threat Intelligence (CTI) products
  • Present situational awareness, findings and recommendations to management and executives
  • Oversee and monitor routine security administration
  • Manage and mentor a dedicated team of analysts and investigators
  • Define access privileges, control structures and resources
  • Research and recommend security controls
  • Provide technical advice to colleagues across different business units
  • Defend systems against unauthorized access, modification and/or destruction
  • Identify abnormalities and report violations
  • Respond immediately to security incidents and provide post-incident analysis
  • Conduct data breach and security incident investigations
  • Conduct APT and Adversary hunt
  • Liaise with other cyber threat analysis entities
  • Design and conduct security audits to ensure operational security
  • Perform network and host vulnerability assessment and risk analysis


  • 7+ years of experience in information security with at least 3+ years in cyber incident response or digital investigations
  • Experienced in driving change (organizational, cultural and process) needed to respond to current and emerging threats
  • Working knowledge in delivering the complete CTI (Cyber Threat Intelligence) lifecycle
  • Working knowledge of host-based security investigation (Windows, Linux, Network/Security appliances)
  • Working knowledge of Operating SIEM and CTI (Cyber Threat Intelligence) Solutions and developing use cases
  • Current understanding of Network Traffic/Packet analysis and forensics
  • Current understanding of Operating IPS/IDS, Network Monitoring solutions, Net flow collector and analyzer
  • Current understanding of Operating EDR (Endpoint Detection and Response) system and tools such as CarbonBlack, CrowdStrike, EnCase-EDR, FTK, Volatility memory forensic, etc.
  • Knowledge of application security such as web application security, mobile app traffic, etc.
  • BS degree or equivalent practical experience
  • Self-motivated
  • Ability to work independently in a satellite / remote office where team support is dispersed globally and HQ is in Korea.
  • Ability to be flexible and work during non-business hours (to support a global team in different time zones)
  • Languages:
    • Primary work language for all offices is English (Korean a bonus)
  • Certified in one or more of the following: CISSP, CISA, CCNA, CISM, SANS GIAC
  • Knowledge of Cloud service practices and principles (e.g., AWS, Azure)
  • Knowledge of Web Services (HTTP, HTML, AWS, REST, SOAP, Atom)
  • Experienced in automation and scripting (Linux shell, Python, Perl, PowerShell)
  • Experienced in developing using Log Search (ELK, Splunk), TSDB (Time series DB)
  • Knowledge of DevOps and Agile practices and principles
  • Working knowledge of the intelligence lifecycle and current cyber threat landscape
  • Understanding of major threats and threat actors and their relevance to the eCommerce industry

Coupang is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or gender (including pregnancy, gender identity, gender expression, sexual orientation, transgender status), national origin, age, disability, medical condition, HIV/AIDS or Hepatitis C status, marital status, military or veteran status, use of a trained dog guide or service animal, political activities, affiliations, citizenship, or any other characteristic or class protected by the laws or regulations in the locations where we operate. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at
