Principal, Information Security Engineer (Blue Team - SOC)
Coupang is one of the largest and fastest-growing e-commerce platforms on the planet. We are on a mission to revolutionize everyday lives for our customers, employees and partners. We solve problems no one has solved before to create a world where people ask, “How did we ever live without Coupang?” Coupang is a global company with offices in Beijing, Los Angeles, Seattle, Seoul, Shanghai, and Silicon Valley.
Coupang is seeking SOC Engineers to join our Shanghai/Beijing office and be part of our special forces within the BlueTeam. You must have a calm and collected manner in high-pressure and time-sensitive situations, think like both an attacker and a defender, and work with relevant teams to take the right and timely actions to analyse, respond to and neutralise attacks.
The BlueTeam is responsible for the detection of and response to credible threats. We work hands-on developing detective capabilities, identifying mitigations for vulnerabilities and responding to potential threats to Coupang systems. BlueTeam Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis.
Your primary responsibility will be to maintain the tools and platforms used by the Security Operations Center (SOC), including the Security Information and Event Management (SIEM) system and the case management tool.
In this role you will contribute to the maturity of the SOC by participating in various SOC-building projects such as log source onboarding, health checks, use case creation, process and procedure creation and improvement, and refinement of SIEM alerts to reduce false positives.
You will be expected to develop scripts and programs to automate multiple manual, time-consuming SOC tasks. SOC Engineers are expected to develop elegant solutions to complex problems and apply appropriate technologies while following security engineering best practices. You are expected to assist in security incident response, investigations and digital forensics tasks. You will be responsible for documenting and sharing knowledge acquired during your daily tasks.
Responsibilities
- Establish and improve operational procedures and security policy to mature SOC operations
- Onboard new log sources, perform health checks and manage resources (e.g. events per second, EPS) for efficient operation of the SIEM
- Assist in operating the SOC environment and infrastructure (SIEM, IPS, FW, AWS, etc.)
- Assist in managing SOC tasks (project management, error management, etc.)
- Defend systems against unauthorized access, modification and/or destruction
- Respond immediately to security incidents and provide post-incident analysis
- Design and conduct security audits to ensure operational security
- Perform security assessments of new solutions from the SOC's perspective
- Research and recommend security controls
- Provide technical advice to colleagues across different business units
Qualifications
- 7+ years as a security engineer, with at least one year as part of a SOC or supporting a SOC/SIEM infrastructure as an engineer
- Understanding of the incident response process and enterprise information security fundamentals
- Awareness of security products, technologies and networking protocols
- Knowledge of the configuration of IT security appliances such as firewalls, IDS, IPS, EDR and SIEM
- Knowledge of security operations analysis, detection and response tools, including but not limited to SIEM, IDS/IPS and EDR
- Knowledge of Linux systems and their log types (application logs, system logs, etc.)
- Ability to program and script for API interactions, automation, data parsing and clean-up
- Ability to programmatically interact with APIs in security tools and platforms
- Strong process management background with a keen interest in continuous improvement
- Desire to learn new skills and improve current skills to deliver optimal services to the SOC
- Conceptual understanding of cloud computing
- Experience working in a public cloud environment preferred
- Ability to interact with security analysts to derive requirements and convert them into deliverables
- Self-motivated
- Ability to be flexible and work during non-business hours (to support a global team in different time zones)
- Certification in one or more of the following preferred: CISSP, CISA, CCNA, CISM, SANS GIAC
- Knowledge of cloud service practices and principles (e.g. AWS, Azure)
- Development experience in web services (HTTP, HTML, AWS, REST, SOAP, Atom)
- Development experience in automation and scripting (Linux shell, Python, Perl, PowerShell)
- Experience developing with log search platforms (ELK, Splunk) and time-series databases (TSDB)
- Knowledge of DevOps and Agile practices and principles
- Working knowledge of the current cyber threat landscape
- Understanding of major threats and threat actors and their relevance to the e-commerce industry
Recruitment Process and Others
1. Recruitment Process: Application Review - Phone Interview - Onsite Interview - Offer
(The recruitment process may be different depending on the job and may be changed due to scheduling and circumstances.)
a. This job post may be closed early if all openings are filled.
b. If there is any false information in the application, the offer may be cancelled.
c. Veteran status or disability will not result in any disadvantages in the recruitment process.
d. Interview schedules and results will be communicated to the applicant via the e-mail address submitted at the application stage.