Senior, Cyber Threat Hunter (GHOST Team)

We exist to wow our customers. We know we’re doing the right thing when we hear our customers say, “How did we ever live without Coupang?” Born out of an obsession to make shopping, eating, and living easier than ever, we’re collectively disrupting the multi-billion-dollar e-commerce industry from the ground up. We are one of the fastest-growing e-commerce companies that established an unparalleled reputation for being a dominant and reliable force in South Korean commerce.

We are proud to have the best of both worlds — a startup culture with the resources of a large global public company. This fuels us to continue our growth and launch new services at the speed we have been at since our inception. We are all entrepreneurial surrounded by opportunities to drive new initiatives and innovations. At our core, we are bold and ambitious people that like to get our hands dirty and make a hands-on impact. At Coupang, you will see yourself, your colleagues, your team, and the company grow every day.

Our mission to build the future of commerce is real. We push the boundaries of what’s possible to solve problems and break traditional tradeoffs. Join Coupang now to create an epic experience in this always-on, high-tech, and hyper-connected world.

Role Overview

Coupang’s Proactive Security Team has a mission to keep Coupang secure by performing proactive activities that will prevent or mitigate potential security risks due to Threat Actors. That is achieved by two different teams: Red Team, which is responsible for simulating Threat Actor malicious activities. GHOST team: The team is responsible for (1) Understanding the Threat Actor tactics and motives (Cyber Threat Intelligence) (2) Creating detection rules that would identify potential Threat Actors (Use-case development) (3) Actively hunt for potential Threat Actors (Threat Hunting)

We are looking for a threat hunter with the required analytical background to join our team to perform threat hunts, assist with investigations, improve detection capabilities and investigate best practices in Coupang security and products. Hunters will support Coupang's Proactive Security team in identifying and cataloging new attacker Tools, Techniques, and Procedures (TTPs) and victims, validating the hypothesis, and investigating the threat to protect Coupang's customers.

Key Responsibilities  

• Perform scenario-based hypothesis testing.
• Identifying potential threats, allowing for proactive defense before an actual incident.
• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities.
• Driving product and security improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams.
• Works with others to synthesize research findings into recommendations for mitigation of security issues. Shares across teams. Drives change within a team based on research findings.

• Develop and implement new detection rules to identify potential security threats across various platforms and environments. It includes defining the latest threat information.
• Fine-tuning detection rules to improve accuracy, efficiency, and reduce false positive, ensuring optimal performance of the rules.

Basic Qualifications

• 8+ years of work experience in information security or large scale computing, and/or anomaly detection.
• Knowledge about and experience with the security threat trends, breaches and defense techniques and malware.
• Hands-on experience in at least one of the following areas:
  • Build automation and detection rules to find anomalous activities within the environment.
  • Perform Threat Hunting activities, allowing to proactively find anomalous activity within the environment.

• Understanding of Cyber Kill Chain, MITRE ATT&CK framework and how those are relevant to the threat landscape.

• Fluent in both Korean and English
• Intermediate to advanced English skills (written and verbal) are required to communicate technical information clearly to global teams and management.

Preferred Qualifications

• E-commerce industry-specific security threat expertise.
• Experience on cloud (AWS or GCP) and good understanding of the differences between Cloud and on-prem data-center environments.
• Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs). 
• Experience with various forensic log artifacts found in Security Information and Event Management (SIEM) logs, web server logs, Antivirus (AV) logs, protection logs such as Host-based Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS) logs 
• Knowledge of third-party cybersecurity solutions, especially Extended Detection and Response (EDR) and Security Information and Event Management (SIEM) solutions

• Knowledge in writing a variety of queries in SIEM, particularly Splunk.
• Computer Science, Computer Engineering, or related technical Degree

• Investigation/Cybersecurity/Digital Forensics/DFIR (Digital Forensic Incident Response) certifications (e.g. Certified Information Systems Security Professional (CISSP), SysAdmin, Audit, Network and Security (SANS), Global Information Assurance Certification (GIAC) etc.)