Principal Cyber Security Engineer-- Blue Team
Coupang is one of the largest and fastest growing e-commerce platforms on the planet. We are on a mission to revolutionize everyday lives for our customers, employees and partners. We solve problems no one has solved before to create a world where people ask, “How did we ever live without Coupang?”
Coupang is a global company with offices in Beijing, Los Angeles, Seattle, Seoul, Shanghai, and Silicon Valley.
As our Cyber Security Incident Response Lead (CSIRT), you will be a part of our special forces within the BlueTeam. This role can be based in our Mountain View or Seattle offices. You must have a calm and collected mannerism in high-pressure and time sensitive situations, think like both an attacker and defender, and work with relevant teams to take the right and timely actions to analyze, respond and neutralize attacks.
The BlueTeam is responsible for the detection and response to credible threats. We work hands-on developing detective capabilities, identifying mitigations to vulnerabilities and respond to potential threats to Coupang systems. BlueTeam CSIRT Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis.
The Senior Engineering Lead position requires an experienced CSIRT personnel that have expert working knowledge in IR, investigation and hunt techniques, root-cause security flaws and vulnerabilities, quickly assessing the potential cyber threats, and educating other members of the broader team. Security Engineers are also expected to develop elegant solutions to complex problems and apply appropriate technologies while following security engineering best practices.
- Monitoring, identification and response to cyber security incidents
- Cyber security investigation at the network, endpoint and cloud
- Host based and Network packet capture/traffic analysis
- SIEM Rule development and fine tuning to detect security incidents and anomalies
- Conduct research and analysis on local and worldwide cyber threat streams against Coupang
- CSIRT Team and cyber investigations lead
- Successfully respond and investigate security incidents (live or post mortem) up to root cause level (either as lead or support role in the follow-the-sun delivery model)
- As an outcome of investigations, provide recommendations to build secure infrastructure to prevent future attacks with similar TTPs. This done through deep understanding of information security fundamentals including endpoint protection, network topology, segmentation, switching and routing and web application security.
- Continuously assist the SOC to development and fine tune rule sets to identify threats and incidents and minimize false positives.
- Successfully lead major investigations that require multiple team members
- Seasoned IR lead that are able to remotely manage a team of responders and investigators.
- Effectively manage the different business and IT stakeholders affected by a major incident
- Provide situational awareness on cyber threats, actors and TTPs relevant to Coupang and related industries in a local, regional and global coverage
- Provide effective leadership during IR and investigations
- Provide business risk assessments of cyber threats and technical vulnerabilities
- Develop technical and executive incident and investigation reports
- Delivery of Cyber Threat Intelligence (CTI) products
- Present situational awareness, findings and recommendations to management and executives
- Oversee and monitor routine security administration
- Manage and mentor a dedicated team of analysts and investigators
- Define access privileges, control structures and resources
- Research and recommend security controls
- Provide technical advice to colleagues across different business units
- Defend systems against unauthorized access, modification and/or destruction
- Identify abnormalities and report violations
- Respond immediately to security incidents and provide post-incident analysis
- Conduct data breach and security incident investigations
- Conduct APT and Adversary hunt
- Liaison with other cyber threat analysis entities
- Design and conduct security audits to ensure operational security
- Perform network and host vulnerability assessment and risk analysis
- 7+ years of experience in information security with at least 3+ years in cyber incident response or digital investigations
- Experienced in driving change (organizational, cultural and process) needed to respond to current and emerging threats
- Working knowledge in delivering the complete CTI (Cyber Threat Intelligence) lifecycle
- Working knowledge of Host based security investigation (Windows, Linux, Network/Security appliances)
- Working knowledge of Operating SIEM and CTI (Cyber Threat Intelligence) Solutions and developing use cases
- Current understanding of Network Traffic/Packet analysis and forensic
- Current understanding of Operating IPS/IDS, Network Monitoring solutions, Net flow collector and analyzer
- Current understanding of Operating EDR (Endpoint Detection and Response) system and tools such as CarbonBlack, CrowdStrike, EnCase-EDR, FTK, Volatility memory forensic, etc.
- Knowledge of application security such as Web application, Mobile app traffics, etc.
- BS degree or equivalent practical experience
- Self motivated
- Ability to work independently on your own in a satellite / remote office where team support are dispersed globally and HQ in Korea.
- Ability to be flexible and work during non-business hours (to support a global team in different time zones)
- Primary work language for all offices is English (Korean a bonus)
- Certified in one or more of the following: CISSP, CISA, CCNA, CISM, SANS GIAC
- Knowledge of Cloud service practices and principles (e.g AWS, Azure)
- Knowledge of Web Services (HTTP, HTML, AWS, REST, SOAP, Atom)
- Experienced in Automation and Script (Linux shell, Python, Perl, Powershell)
- Experienced in developing using Log Search (ELK, Splunk), TSDB (Time series DB)
- Knowledge of DevOps and Agile practices and principles
- Working knowledge of the intelligence lifecycle and current cyber threat landscape
- Understanding of major threats and threat actors and their relevance to the eCommerce industry
Coupang is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or gender (including pregnancy, gender identity, gender expression, sexual orientation, transgender status), national origin, age, disability, medical condition, HIV/AIDS or Hepatitis C status, marital status, military or veteran status, use of a trained dog guide or service animal, political activities, affiliations, citizenship, or any other characteristic or class protected by the laws or regulations in the locations where we operate. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at firstname.lastname@example.org.