Senior Staff Security Engineer

## Job Introduction

Coupang's Application Security Architecture provides 'solution architects' to design and build a secure foundation for the world's fastest and most innovative e-commerce, fintech, and logistics platforms. We are not an obstacle to the development process, but a partner in accelerating business growth. Our mission goes beyond simply finding vulnerabilities to provide an architecture of viable security solutions that enable thousands of developers to quickly and efficiently build secure-by-default systems.

## Key Responsibilities

• Design and Deliver Security Solution Architecture: Participate in the planning and design stages of major new services to design a secure and scalable security architecture that meets business requirements and provide specific solutions.

• Lead threat modeling and risk analysis: Lead threat modeling with the development team to proactively identify potential security risks and design actionable mitigations based on business impact.

• In-Depth Architecture and Code Review: Analyzes security vulnerabilities in microservices architectures, uncovering complex vulnerabilities, including loopholes in business logic, at the source code level, and providing practical remediation guides.

• Design and review AI system security: Internalize security throughout the entire lifecycle of newly introduced AI services. Based on the latest threat models, such as OWASP LLM Top 10, it analyzes unique AI security risks, such as prompt injection and data poisoning, and designs defense architectures.

• Design Security Standards and Solutions: Design a centralized solution architecture for key security areas, such as authentication, authorization, encryption, and secrets management.

## Eligibility Requirements

• At least 6 years of working experience in application security, product security, or security architecture.

• Experience designing or reviewing security in large-scale AWS-based microservices architecture environments.

• Possess detailed technical knowledge of cloud security, application security, mobile security, and secure development methodologies

• Deep understanding of core application security concepts, including authentication protocols, encryption, and secret management

• Experience leading the threat modeling process (e.g., STRIDE) and presenting specific architectural improvements to identify threats.

• In-depth understanding of major Web/API application vulnerabilities such as OWASP Top 10 and ability to formulate defense strategies.

• Excellent communication skills to clearly explain and persuade multiple stakeholders (developers, PMs, management) of complex technical solutions.

## Preferred Requirements

• Bachelor's degree holder in information technology, computer science, or related field

• Understanding security threats in AI/ML systems and experience in relevant security reviews.

• Excellent verbal and written communication skills in English

• Holders of international information security certifications (OSCP, GWAPT, CISSP, etc.)

## Behavioral and Cultural Conformity

• Problem-solving ability to proactively find 'solutions' with a high level of autonomy and responsibility in a rapidly changing environment.

• A positive and constructive partnership mindset that aims to grow together by collaborating and educating the development team rather than blaming them.

• Customer-centric thinking puts customer safety first and deep passion for Coupang's service.

• Flexible attitude to constantly learn new technologies (AI, etc.) and attack techniques and accept change.