Security Engineer - Event Analysis and Incident Response

About the Team You'll JoinThe Security Division at Toss Securities consists of the Security Policy Team, Security Engineering Team, Security Audit Team, and IT Innovation Team, with the Security Engineering Team focusing on technical security tasks.The Security Division receives comprehensive support across the organization to create secure services and collaborates closely with all departments.The Security Division is made up of the Security Engineering Team and the Security Policy Team.Team members actively share experiences and knowledge with colleagues in similar roles within the company to achieve common goals.The team includes individuals with diverse experience levels, ranging from 1 to 20 years, most of whom have backgrounds in cybersecurity firms or as corporate security officers.In 2024, the Security Engineering Team aims to enhance its information security management framework to achieve international recognition, focusing on improving areas such as SOAR, ZTNA, and Cloud/Container security.Your ResponsibilitiesDevelop and manage Toss Securities' security monitoring system using SIEM.Gather and analyze various logs to create monitoring policies for security threats.Analyze and respond to security threats and incidents occurring in customer-facing services and employee work environments.Conduct incident analysis and response tasks.Ideal Candidate ProfileExperience in building and operating various log collection/analysis systems such as Splunk, ELK, and Kafka is essential.Proficient in creating correlation rules for sequential scenario detection in SIEM.Strong analytical skills for security incidents and security events are required.Ability to automate procedures for security log analysis, validation, and response development is necessary.Experience in threat response in various service environments, including IDC, CDN, Public Cloud, and Kubernetes, is a plus.Resume RecommendationsInclude at least two memorable examples of policies you created to detect security threats.If applicable, detail any cases of technical problem-solving (optimization, bug fixes, etc.) focusing on the technologies used and the outcomes achieved.Journey to Join Toss SecuritiesApplication Submission > Job Interview > Cultural Fit Interview > Reference Check > Salary Negotiation > Final Offer & OnboardingPlease NoteIf any false information is found in the resume or submitted documents, or if any disciplinary actions are confirmed during employment history, the hiring may be canceled.Hiring may be canceled for individuals who are prohibited from employment according to Toss Securities' regulations or who have disqualifying factors.Individuals with disabilities and veterans will be given preference according to relevant laws.A Word for Future Colleagues“You can enjoy working and growing as a security engineer in an environment where the latest technologies are actively adopted!”I am engaged in analyzing cybersecurity events and responding to incidents. To do this, additional data collection and expansion of the analysis system are necessary, and Toss's rapid collaboration culture allows me to focus quickly on the essence of analysis tasks.Working alongside experts in systems, networks, and security fields fosters my growth daily, and the active adoption of cutting-edge technologies makes it a pleasure for event analysts eager for trends to join us.

#LI-DNIAbout the Team You Will JoinThe Security Engineer at Toss Care belongs to the Information & Security Tribe, actively participating in technical roles within the Security Purple Team and Security Green Team.The Security Purple Team combines Red and Blue team strategies to perform incident analysis and response, vulnerability assessments, penetration testing, and scenario-based threat modeling.We prioritize enhancing Toss's security posture while maintaining a customer-first principle through close communication and collaboration with all teams.Your Responsibilities Will Include:Overseeing the overall detection, analysis, and response to security incidents.Identifying security threats to Toss services and designing operational threat models and scenarios using various logs collected by SIEM.Establishing, enhancing, and automating the processes for security threat analysis and incident response.Researching technical analysis and response strategies for various attack vectors, including external threats and data breaches.We Are Looking For Candidates Who:Have hands-on experience in responding to and improving security threats through incident analysis.Are familiar with identifying and responding to security threats in Kubernetes and Public Cloud environments.Have experience in designing, operating, and improving Detection Engineering technologies.Possess extensive experience in deriving threat scenarios and responses through SIEM.Have experience in automating security threat detection/response tasks or optimizing them via LLM.Resume Writing Tips:Include specific examples of technical analysis and responses you have conducted for threat analysis and incident response.Showcase instances where you have improved efficiency, automation, or enhancement from a perspective of incident response through your strengths.Detail how you approached and solved challenges encountered during problem-solving processes.Provide concrete examples of how you applied your technical learning to your work.

Join the Daangn Team!At Daangn, we are committed to fostering an environment where individuals can grow alongside our company's success.We are here to assist you in reaching that moment where you can engage in meaningful discussions with amazing colleagues. About the Security TeamThe Security Team at Daangn is dedicated to ensuring the safe provision of our services. We defend against external attacks and prevent the leakage of valuable internal information. All our activities comply with various information security laws and regulations. We strive to understand Daangn's business model and provide clear criteria that are technically applied where appropriate. Through these efforts, we aim to create a trustworthy service for our users.Key ResponsibilitiesAnalyze and respond to security events in both customer service and internal office environments.Design, operate, and enhance detection systems and related activities for effective detection of security incidents and issues.Conduct investigations when security events occur to analyze breach paths and causes, and establish and implement measures to prevent recurrence.Continuously improve detection rules, automation, and operational processes based on insights gained during incident response.Who We Are Looking ForIndividuals with over 3 years of practical experience in responding to security incidents or events.Experience in analyzing security events and responding to incidents in complex service environments, including multi-cloud and SaaS.Proactive individuals who can lead incident response and operational improvements beyond the immediate scope of duties.Team players who can collaborate with various stakeholders to drive incident response and improvements.Preferred QualificationsContinuous interest in external security incidents and issues, with experience integrating CVEs and security trend reports into workflows.Experience utilizing OSINT, CTI, and Attack Surface information.Experience in improving analysis and response tasks through automation and AI for enhanced efficiency.Background in incident response within IT companies or large-scale service environments.Experience in building and operating SIEM or orchestration platforms.

#LI-DNI Join Our Dynamic Security Team! As a Security Engineer at Tosscareers, you will be part of the Information & Security Tribe, handling technical operations within the Security Purple Team and Security Green Team. The Security Purple Team is a hybrid of Red and Blue teams, focusing on event analysis, incident response, vulnerability assessments, penetration testing, and scenario-based threat modeling. We prioritize customer safety and collaborate closely with all teams to enhance Toss's security measures. Your Responsibilities Will Include: Designing, building, and operating SIEM (Splunk, Opensearch, Elasticsearch). Creating robust architectures for secure log collection across various environments (On-Prem, AWS, K8S). Ensuring stable operation and enhancement of log pipelines (NIFI, KAFKA, Hadoop). Establishing and managing logging/monitoring systems for performance optimization and incident response of the Security Data Platform (SIEM). Designing and normalizing standard models for various logs to improve log analysis efficiency. We Are Looking For Candidates Who: Have experience in designing and building scalable and optimized SIEM systems. Can identify and resolve issues in log collection, data loading, search, and query building processes. Have worked with heterogeneous security log pipelines in On-Prem and AWS environments (ETL, ELT). Have standardized various forms of security logs (OCSF, CIM, etc.) for easier analysis. Have automated tasks using Python scripting. Resume Tips: Detail specific examples of your work, particularly your roles in projects, the technologies used, and improvements made before and after. Explain any challenges faced during problem-solving and how you addressed them. If you have diverse problem-solving experiences (technical, managerial), provide concrete examples. Include specific cases where you applied learned technical skills to your work.

Join Our Team!The Security Team at Toss aims to enhance our defenses to world-class standards. We focus on assessing the security of our cutting-edge financial systems and aim to integrate the latest security techniques first.Our team involves security engineers from the very start of service development, ensuring that product owners, developers, and designers share a common goal of enhancing security, maintaining a balance between usability and safety.As a Security Researcher, you will continuously assess the security of our services, including penetration testing, while collaborating closely with the engineering team to proactively identify and resolve vulnerabilities in Toss services. Responsibilities:Conduct penetration testing and vulnerability assessments on Toss's internal and external services (web, mobile apps, etc.).Perform APT simulations while researching and analyzing new hacking techniques and defense strategies.Design service architecture to ensure safe and convenient services. We Are Looking For:Individuals with experience in security assessments, vulnerability testing, and penetration testing for large-scale operational services.Those who are passionate about new technology trends and eager to grow with their colleagues. Resume Recommendations:Include experiences where you researched or established security review measures for the latest IT technologies.Highlight any awards from domestic or international penetration testing competitions or bug bounty experiences. Technologies We Utilize:Web Hacking, Reverse Engineering, Cryptography, Mobile, Network The Recruitment Journey at Toss:Application > Job Interview > Cultural Fit Interview > Reference Check > Compensation Discussion > Final Acceptance and Onboarding A Message for Future Colleagues:We want to work with someone who will lead the innovation in finance and security together.We don't build features just to look good; if they don't add value, we won’t waste time. We are professionals who can operate independently without oversight. We are looking for colleagues who will join us in internalizing Toss's financial security technologies and drive innovation together.

About the Team You'll Join The Security Division at Toss Securities is composed of the Security Policy Team, Security Engineering Team, Security Audit Team, and IT Innovation Team, with the Security Engineering Team focusing on technical security tasks. The security team receives comprehensive support across the organization to ensure the safety of Toss Securities services and collaborates closely with all departments. Each team member actively engages with peers in similar roles across subsidiaries, sharing knowledge and experiences to achieve common goals. The team comprises members with diverse experience levels ranging from 1 to 20 years, many of whom have backgrounds in information security firms and corporate information security roles. This year, the Security Engineering Team aims to enhance its information security management system to achieve international recognition and strengthen its capabilities in SOAR, ZTNA, and Cloud/Container security. Your Responsibilities You will identify potential security threats, data leakage risks, and compliance violations across endpoint environments and work to mitigate these issues. Analyze conflicts between security requirements and actual workflows, implementing solutions that balance security and user experience. Address endpoint security issues by analyzing root causes and implementing improvements to prevent recurrence. Manage to maintain consistent endpoint security standards throughout the device lifecycle. Design and automate policy-based control logic to evaluate endpoint status, user context, device posture, and the policy settings of security solutions to determine access permissions. Integrate endpoint security controls with IAM and access control to enhance the overall security framework. Who We're Looking For Experience in designing and customizing detection rules, blocking policies, and monitoring logic based on potential security threats in endpoint environments. Experience in designing and implementing technical solutions such as policy exceptions, temporary authorizations, and selective monitoring to ensure security controls do not hinder actual workflows. Experience in investigating endpoint security issues through log analysis, process tracing, and filesystem investigation at the Windows and macOS levels to identify root causes and establish preventive measures. Experience in designing and managing systems to maintain consistency in security standards throughout the entire lifecycle of devices, from provisioning to disposal. Ability to implement a Policy Decision Point that determines access permissions based on endpoint status information collected via security solution APIs, with experience in Python/Go, OPA, or AI/MCP-based tools being a plus. Experience in integrating security context collected from endpoints (such as device compliance and threat detection results) with IAM, network, and application layer access controls via SCIM, Webhook, and API would be advantageous. Your Pathway to Joining Toss Securities Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Negotiation of Terms > Final Acceptance and Onboarding Additional Information Employment may be rescinded if false information is found in the resume or if any disciplinary actions are confirmed during employment history. Individuals who are prohibited from employment under Toss Securities regulations or have disqualifying factors may have their applications canceled. Individuals with disabilities and veterans will receive preferential treatment in accordance with relevant laws. A Note for Potential Colleagues We value innovation, collaboration, and a passion for security in our team. Join us to make a significant impact in the world of cybersecurity!

About the Team You Will Join The Security Division at Toss Bank comprises multiple teams including Security Policy, Privacy Protection, System Security, Network Security, Security Red Team, Security Blue Team, IT Service, and Security Audit. The Security Engineer (Endpoint Security) will work within the Security Division to manage various tasks aimed at protecting endpoints from external threats, particularly as part of the System Security Team. The Security Division collaborates with various teams to create secure and reliable services, and the System Security Team works closely with product organizations, Legal & Compliance, Platform Engineering, and Internal Audit to ensure security and regulatory compliance. We are dedicated to providing a secure environment for electronic financial transactions and to seamlessly integrating security into the daily operations of our users. Key Responsibilities Operate security solutions to protect Toss Bank's customers. Build, manage, and operate endpoint security solutions including Antivirus (AV), Data Loss Prevention (DLP), Network Access Control (NAC), and Endpoint Privilege Management (EPM). Ensure stable operation of endpoint security solutions and quickly resolve operational issues. Establish endpoint security policies for Windows and Mac OS and engage in proactive information security activities. Analyze events through endpoint security solutions and conduct threat response activities. Desired Qualifications A minimum of 5 years of experience in operating endpoint security solutions. Deep understanding of PC and server operating systems. Familiarity with basic networking and architecture concepts. Strong understanding of the operational principles and policies of endpoint security solutions. Experience with open-source endpoint security solutions and automation of security solutions is a plus. Application Instructions Please include detailed descriptions of your responsibilities and specific examples in your resume, as simple project lists may not be sufficient. We recommend submitting a portfolio along with your resume. Highlight your experiences and knowledge relevant to the job area in your application. In your portfolio, please document your studies or practical experiences in security technology and your level of understanding. Join Us at Toss Bank Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Compensation Discussion > Final Acceptance and Onboarding Please Note Any discovery of false information in your resume or disciplinary actions during your employment history may result in cancellation of your application.

Welcome to the Daangn Team!At Daangn, we strive to create an environment where individuals can grow alongside the company's success.We are here to assist you in reaching that moment of joy while working with wonderful colleagues. Introducing the Security TeamThe Security Team aims to ensure that Daangn provides services securely. We defend against external attacks and prevent the leakage of valuable internal information. All our activities comply with various information protection laws and regulations. By understanding Daangn's business model, we provide clear standards that are implemented technically. Through these efforts, we create a reliable service that users can trust.Key ResponsibilitiesAssess and improve security risks in AI/ML-based service environments.Audit and manage access controls and security configurations for AI service components, including training data, model files, APIs, and infrastructure.Monitor and respond to security issues in LLM and generative AI environments, such as prompt injection and data leaks.Analyze AI service logs to detect anomalies, investigate security events, and resolve issues.Conduct security vulnerability assessments and actions during model deployment and operation.Establish and continuously improve security guidelines and policies.We Seek Candidates Who:Have experience in vulnerability assessments, penetration testing, or incident response.Are familiar with LLMs and understand the operational mechanisms of prompt-based services.Have a foundational understanding of cloud architecture (IAM, networking, storage) in platforms like AWS, GCP, or Azure.Possess basic knowledge of AI/ML or LLM service structures.Have experience in log analysis and root cause identification.Are proactive in addressing security issues, focusing on improvements rather than just reporting.Preferred Qualifications:Understanding of ML pipelines (data collection → training → deployment → monitoring).Experience with container environments such as Docker and Kubernetes.Have at least one year of experience in security, cloud, backend, or ML engineering.Have experience in improving repetitive tasks through security automation or scripting.Regularly learn about and share new AI security issues or trends.Additional InformationThere is a 3-month probation period for full-time hires.As per the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities Act and the Act on the Honorable Treatment and Support of Veterans, individuals with disabilities and veterans will receive preferential hiring.

Team and Collaboration The Security team at Toss brings together a range of professionals: CISO, Security Engineers, Security Researchers, Information Security Managers, Privacy Managers, and IT Managers. This group works closely with the Infra team, product development silos, Legal, and Compliance to build secure services for Toss. Members also connect with security peers across subsidiaries, sharing knowledge and collaborating on specialized areas. Working here means helping to build and improve security systems that support Toss in delivering reliable services. What You Will Do Design and operate AWS cloud security architecture, managing cloud security infrastructure such as CSPM and CWPP. Set up detection and response systems using logs, and automate security policies with IaC tools like Terraform. Manage IDS/IPS, WAF, and DDoS protection systems, addressing network vulnerabilities proactively. Design and refine detection policies through traffic and packet analysis, including regular expressions. Collect and respond to security events using SIEM/SOAR, and operate endpoint solutions like EDR and DLP to strengthen organizational security. Lead security design at the service architecture level and support technical compliance requirements. Requirements At least 5 years of experience as an in-house Security Engineer. Hands-on experience building and operating security systems in AWS cloud environments. Background in constructing and managing network security solutions (IDS/IPS, WAF) and capability in traffic and packet analysis, including optimizing detection policies. Experience with SIEM for event correlation analysis and developing threat hunting and response playbooks is preferred. Familiarity with endpoint security solutions such as EDR, AV, and DLP, as well as handling malware responses and configurations, is a plus. Technical experience with security certifications and financial regulations (ISO27001, PCI-DSS, ISMS-P) is advantageous. Resume Tips Describe previous roles with clear examples, emphasizing project contributions, technology stacks, and measurable improvements. Share how you approached and solved challenges, including your thought process. Include experiences where you identified and responded to security threats or resolved technical and managerial issues. Highlight specific cases where you learned and applied new security technologies or addressed emerging threats. Hiring Process Application Job Interview Cultural Fit Interview Reference Check Compensation Negotiation Final Offer and Onboarding Voices from the Team "I enjoy working with exceptional colleagues." One team member who joined after serving as the sole security officer at a previous company shared how building Toss's security infrastructure alongside the team has brought stability and a stronger security posture. This collaborative environment has become a source of pride as the team secures valuable assets together. Toss encourages setting personal goals every half-year, empowering team members to take ownership and collaborate with accomplished peers.

About the Team You Will JoinThe Security Division of Toss Bank consists of various teams including Security Policy, Privacy Protection, System Security, Network Security, Security Red Team, Security Blue Team, IT Service, and Security Audit teams.The Network Security Engineer at Toss Bank will be responsible for the implementation and management of internal and external firewall systems, along with various tasks related to network security, including the operation of DDoS, IPS, and WAF systems.The Security Division collaborates with multiple teams to create a safe and reliable service for Toss Bank. The Network Security Team particularly works closely with product groups, and Legal & Compliance, Platform Engineering, and Internal Audit teams to ensure compliance and internal controls.Toss Bank's Security Division is committed to securing electronic financial transactions for clients and providing a safe working environment for employees.Responsibilities You Will HaveManage and improve network security solutions (FW, DDoS, IDS/IPS, WAF, Suricata) to protect services and employee work environments.Monitor and respond to network attacks and anomalies in real-time, continuously reviewing, tuning, and optimizing detection policies and rules.Design stable network security architecture and lead the construction and enhancement of new systems.Enhance operational efficiency through automation, creating an environment where security personnel can focus on strategic tasks.Ideal Candidate ProfileExperience in building and operating network security solutions (FW, DDoS, IDS/IPS, WAF, Suricata).Ability to analyze network security events/logs and experience in understanding and responding to various attacks.A deeper understanding of enterprise security infrastructure beyond simple equipment operations, focusing on policy, permissions, assets, and risk-based operations.Experience or fundamental understanding of network security architecture design, as well as experience in network troubleshooting and packet analysis (e.g., using Wireshark).Please Include the Following in Your ResumeRather than listing projects, we recommend detailing your roles, contributions, and results with specific examples.If you have experience designing network security architecture, detecting/blocking intrusions through pattern/signature analysis, or participating in drills, please mention them.Especially if you have detailed experiences in building/operating network security solutions or troubleshooting, please describe them thoroughly.

Security Engineers at daangn focus on protecting infrastructure and keeping user data safe. This position centers on finding vulnerabilities through penetration testing and setting up strong security protocols across our systems. Role overview This role involves hands-on work with infrastructure security in Seoul. The main responsibility is to identify and assess security risks, then act to address those issues. Attention to detail and a methodical approach are important, as your work directly impacts the safety of our platform. What you will do Conduct penetration tests to uncover vulnerabilities in our infrastructure Implement and maintain security protocols to meet high standards Support ongoing efforts to protect user data and system integrity Requirements Experience with infrastructure security and penetration testing Ability to identify, analyze, and address security vulnerabilities Commitment to maintaining strong security practices

About the Team You'll JoinThe Network Security Engineer at Toss Securities is part of the Network Engineering Team, collaborating closely with Network Engineers and IDC Managers.We work with top talents across various sectors, including finance, commerce, portals, and gaming, to establish and support secure networks for both external and internal customers.Our goal is to ensure that our teams can focus on product development by building robust infrastructure capable of supporting the largest retail securities firm in the market, driving automation for faster product launches. Your ResponsibilitiesAs a Network Security Engineer, you will manage security devices such as firewalls and VPNs to protect our customers and teams.Maintain a reliable, high-availability network that operates 24/7, continuously improving its resilience.Collaborate on the design and implementation of networks that interact with applications and servers.Build and operate network security devices, providing security foundation technologies within the data center. Who We Are Looking ForA minimum of 5 years of experience in building and operating network security devices.Experience in analyzing, optimizing, and maintaining firewall policies is essential.Strong understanding of TCP/IP protocols with packet analysis experience for troubleshooting.Experience with API integration of network security devices or scripting for automation is a plus.Familiarity with financial information protection regulations and experience in related implementations is advantageous.Experience designing and building security network architectures optimized for high traffic is highly desirable.Experience in public cloud environments (AWS, GCP, Azure) is a strong plus. Resume RecommendationsPlease describe a memorable technical issue you resolved (optimization, bug fix, etc.).Detail your contributions to projects, including your role, technologies used, and outcomes before and after the project. Journey to Joining Toss SecuritiesApplication submission > Technical interview > Cultural fit interview > Reference check > Salary negotiation > Final acceptance and onboarding. Please NoteAny inaccuracies in your resume or disciplinary history during employment may result in cancellation of the hiring process.Candidates identified as ineligible according to Toss Securities' regulations may have their applications canceled.Persons with disabilities and veterans will be given preference in accordance with applicable laws.

About the Team You Will JoinThe Security Infrastructure team is dedicated to designing security architectures that ensure the safe expansion of Toss's business, implementing and automating these architectures in real-world environments.This team covers cloud, network, and endpoint security, directly designing and implementing security policies and controls based on key infrastructure.We select technology stacks, create log architectures, and access control models, building a structure that defends against actual threats rather than merely implementing security for security's sake.Our team consists of members with diverse experiences, primarily from corporate information security roles and specialized information protection companies.We are looking for individuals who start with the question of “Why?” to improve security structures and design safer, more efficient methods while balancing technology and business needs.Responsibilities You Will UndertakeDevelop and manage information security solutions that protect Toss's services and employee environments.Establish and operate an access control system for internal information systems.Build a network separation environment and information leak response systems in accordance with financial compliance.Plan and operate systems to enhance security visibility and access control systems.Conduct modern threat analysis and incorporate global trends while establishing AI-based detection and analysis systems and real-time response strategies.Additional ResponsibilitiesDesign, build, and operate infrastructure security architectures across cloud (AWS/GCP/Azure) and on-premises/hybrid environments, covering networks, servers, databases, and containers. You may focus on either cloud or network based on your strengths.Design and reliably implement core security policies like IAM, network segmentation, access control, and encryption (KMS) in real environments.Structure repetitive security operations based on IaC and automation while collaborating with other teams to establish actionable security standards.Analyze security events and breach incidents to design and fundamentally improve security structure, policies, and automation.Ideal CandidateWe are searching for individuals with over 3 years of relevant experience.You should have experience dealing with infrastructure across cloud, network, and systems, not limited to one area.Experience in enhancing detection and response systems using security solutions like CSPM/CNAPP, SIEM, EDR, WAF, and KMS is essential.Experience in designing or improving operational efficiency through security automation and IaC with tools like Terraform/CloudFormation, Ansible, and Python is required.You should have experience interpreting and integrating security requirements in financial and regulatory environments (ISMS-P, ISO27001, PCI-DSS).

Key ResponsibilitiesCraft and implement a robust end-to-end security architecture tailored for SoC-based products.Develop features for Secure Boot and Anti-rollback mechanisms.Manage Key Provisioning alongside Hardware Root of Trust.Oversee Secure Lifecycle State management (LCS) for firmware, keys, and devices.Design and integrate security modules to enhance firmware and system-level defenses.Conduct thorough vulnerability assessments, attack surface evaluations, and implement memory protection hardening strategies.Integrate, validate, and optimize hardware cryptographic engines including AES/GCM engines, TRNG, PKA, RSA, PQC, and hash accelerators.Establish secure firmware update and rollback protocols along with comprehensive product lifecycle controls.QualificationsDeep understanding of embedded security principles, including Secure Boot, key management, and cryptography.Demonstrated experience with TLS, X.509, ECC, AES, and various cryptographic or security libraries.Proficient in C/C++ or Rust for developing secure system software.Experience identifying and analyzing security vulnerabilities in SoC/FPGA-based systems.Practical experience with hardware cryptographic engines and security IP blocks (e.g., AES/GCM, SHA accelerators, TRNG/DRBG, PKA).Solid understanding of firmware and key lifecycle management.Preferred QualificationsFamiliarity with TPM, HSM, TrustZone, OP-TEE, or related hardware security architectures.Experience in implementing secure firmware signing, provisioning, and deployment pipelines.Background in validating cryptographic engines under standards such as FIPS 140-3, NIST CMVP.Security engineering experience specifically for AI accelerators, networking chips, or SoCs.Contribute to development practices aligned with standards such as FIPS, PSA Certified, CAVP, and CMVP.

About the Team You'll Join The Network Security Engineer at Toss Securities is part of the Network Engineering Team, collaborating closely with Network Engineers and IDC Managers. You will work alongside top talents from diverse sectors including finance, commerce, portals, and gaming, focusing on building and supporting secure networks for both external and internal clients. Our goal is to provide robust support for product development, enabling rapid deployment by enhancing our infrastructure to handle large-scale traffic and pushing for automation. Your Responsibilities Upon Joining As a Network Security Engineer, you will be responsible for security devices in the network area, including firewalls, DDoS protection, and VPNs to safeguard Toss Securities' clients and teams. You will perform regular preventive maintenance to ensure the stable operation of security equipment. Management and improvement of Toss Securities' security device monitoring solutions will be part of your role. You will build and operate network security devices, providing security-based technology within the data center. Ideal Candidate Profile A degree in Information Security, Computer Engineering, Information Communication, or a related field is required. A solid understanding of networks and security devices is essential. High proficiency in TCP/IP protocols and experience in packet analysis for troubleshooting are preferred. Experience with security system API integration or work automation is a plus. Prior experience in security training or practical security work is advantageous. Resume Recommendations Please describe a memorable technical issue you resolved (optimization, bug fixes, etc.). Detail projects you contributed to, focusing on your role, technology stack used, and improvements made. The Journey to Joining Toss Securities Application submission > Job interview > Cultural fit interview > Reference check > Salary negotiation > Final acceptance and onboarding. Important Notes False information in your resume or disciplinary issues in your work history may result in cancellation of your application. Applicants who fall under hiring restrictions per Toss Securities policies may also have their applications canceled. Individuals with disabilities or veterans are prioritized according to relevant laws. A Message for Future Colleagues The Network Security Engineer at Toss Securities creates and manages a secure and robust network structure both on-premises and in the cloud. This role goes beyond equipment management; it involves understanding service flows and traffic to continuously innovate better structures. The position requires proactive identification of potential threats and developing solutions. Our team takes initiative to investigate issues, identify root causes, and suggest efficient solutions swiftly, respecting each other's opinions while collaboratively ensuring the stability of financial services. We strive to continuously create improved methods rather than sticking to established practices.

Company OverviewCoupang is committed to delivering exceptional customer experiences. When our customers ask, "How did I live without Coupang?" we know we have fulfilled our mission. With a relentless dedication to making shopping, dining, and everyday life easier for our customers, Coupang is at the forefront of transforming the multibillion-dollar e-commerce industry. As one of the fastest-growing e-commerce companies, we have established a unique position in the domestic market and built trust with our customers.We pride ourselves on being a global public company with a startup culture. This agility is our driving force as we continuously launch new services and expand our business. Every employee at Coupang is given the opportunity to embody an entrepreneurial spirit and drive innovation and initiatives. The courage to dive into work without hesitation and achieve results is at the core of how we operate. At Coupang, you will witness growth in yourself, your colleagues, your team, and the entire company every day.All Coupang employees are genuinely invested in our mission to shape the future of commerce. We tackle customer challenges, defy traditional beliefs, and push the boundaries of what’s possible. If you seek a remarkable work experience in a hyper-connected world with high availability and cutting-edge technology, join us at Coupang.Job OverviewThe Coupang Blue Team plays a pivotal role in monitoring all cyber incidents through log analysis, detecting threats, and responding swiftly to minimize damage. To achieve this goal, the Blue Team comprises various specialized units, including the Security Operations Center (SOC), the Detection and Response Team (DART), the Detection Engineering team focusing on enhancing incident detection capabilities, and the Blue Operations team responsible for the effective and stable operation of diverse security solutions and services.

About the RoleWe are seeking a dedicated Security Engineer to report directly to the CTO. This role is instrumental in establishing the company's security framework and implementing a Zero Trust architecture across our organization.You will be responsible for developing security policies, configuring systems, managing accounts, controlling access, ensuring cloud security, and conducting penetration testing.Key ResponsibilitiesEstablish and execute an enterprise security strategy and policies based on Zero Trust principles.Build and operate identity and access management systems (SSO, IAM, RBAC, etc.).Design and configure security architecture for SaaS and cloud infrastructure (AWS, GCP, etc.).Diagnose and enhance security vulnerabilities within internal systems and services.Collaborate with development and infrastructure teams to integrate security practices (code reviews, CI/CD security, etc.).Set up and manage incident response systems and monitoring environments.

#LI-DNIAbout the Team You Will JoinThe Toss Security Team is responsible for maintaining the security framework and various compliance measures. It comprises a security policy group and a security engineering group that identifies security threats and develops strategies to address them.Our team collaborates closely with various departments such as IT, personal data, infrastructure, and platforms to ensure the security of Toss's diverse services and team members’ work environments.Additionally, team members regularly engage in weekly meetings with peers from affiliated companies to share insights and collaborate on specialized areas.Our team includes professionals with 5 to 20 years of experience, most of whom have backgrounds in cybersecurity firms or corporate information security.We aspire to be the 'world's best security team' by developing robust security frameworks to protect our customers' valuable information against hacking and external threats while complying with various regulations.Responsibilities You Will HaveYou will build and operate information security solutions to protect Toss's customer services and the work environments of employees.You will establish access control measures to safeguard Toss Community's information systems (DB, Server, Network, etc.) and manage security solutions.You will implement and manage security systems (network separation, data leakage prevention, etc.) necessary for compliance with financial regulations.Your role will also involve improving security visibility and management systems to create a safe working environment for Toss teams.Ideal CandidateWe are looking for someone with experience in building and operating network security systems such as FW, NAC, and Proxy, along with infrastructure architecture design.Experience in designing access control models and control solutions for servers and databases using SAC and DAC is essential.Experience in building and operating cloud-based infrastructure and services (IaaS - AWS, Azure, OpenStack, etc. / SaaS - Google Workspace, M365, etc.) with security management is required.Experience in implementing and managing IAM and SSO systems (OKTA, KeyCloak, etc.) and designing permission management frameworks is highly desired.Familiarity with UEM systems for user clients like MS Intune, Workspace ONE, or Jamf is a plus.Knowledge of Zero Trust-based network access control configurations and an understanding of authentication protocols like SAML, OpenID, OAuth is a significant advantage.Experience with domestic and international security certifications and financial regulations like ISO27001, ISO27701, PCI-DSS, ISMS-P, and knowledge of compliance systems is preferred.Resume RecommendationsWe recommend detailing your problem-solving skills and technical experiences related to building and operating security solutions, including automation.

Join Our Dynamic TeamThe Data Engineer (AI) position is part of the AI Data Platform Team at Toss Securities.The AI Data Platform Team comprises Data Engineers, Machine Learning Engineers, Server Engineers, and Product Operation Managers, fostering collaboration across various roles.Our mission is to develop a unique data moat for Toss Securities through the integration of diverse securities domain data and AI technologies, providing essential insights for investors.We utilize external LLMs and conduct training and evaluation of our internally developed models while leveraging various data platform technologies.Your ResponsibilitiesProactively identify and lead projects to solve business challenges at Toss Securities, overseeing the entire process from data architecture design to development and operation.Build and manage a securities data platform that integrates, processes, and serves global market data.Establish and maintain a knowledge graph platform for real-time domain data.Create and operate data pipelines that underpin AI service products.Develop and manage a feature store for personalized recommendation services in real-time.Ensure data integrity by designing, developing, and operating data quality verification and monitoring systems.We Seek Candidates WhoHave over 5 years of experience in data engineering.Can comprehend requirements and analyze technical trade-offs to determine the optimal data architecture in a given environment.Possess a solid understanding and experience in large-scale distributed processing and data platforms.Have experience sharing knowledge with peers and junior engineers, contributing to the technical growth of the entire team.Are interested in leveraging AI beyond mere tools, understanding its principles to innovate engineering productivity.Can coordinate with colleagues across various functions and provide constructive feedback.Are eager to take on new challenges and proactively learn and grow.Preferred ExperiencesExperience with Kafka-based stream processing and large-scale distributed data processing (Hadoop/ClickHouse/ElasticSearch).Experience building and operating data pipelines using Airflow, Docker, and Kubernetes.Experience in monitoring and managing data integrity and quality.Stay up-to-date with the latest trends in AI/data technologies and have an interest in automation and productivity enhancement.

About the Team You Will Join The Data Engineer (Search) at Toss Securities is part of the AI Tribe within the AI Intelligence Silo. This Silo is a collaborative team consisting of Data Engineers, Machine Learning Engineers, Server Engineers, Frontend Engineers, Product Owners, and Product Designers, all working towards creating AI-driven information services leveraging securities domain data. Our focus is not just on presenting information but on rapidly experimenting with how to process and present data in a way that assists investors effectively. Search acts as the primary entry point connecting various securities data and AI services, with the Data Engineer (Search) being responsible for search/indexing functionalities that can be utilized across AI-based data services. The role centers around designing and operating the data and indexing aspects that constitute our search services, concentrating on stably designing and managing the data flow and infrastructure for search indexing rather than just enhancing algorithms or ranking models as seen in larger portals or e-commerce. Key Responsibilities Design and manage the indexing pipeline for Toss Securities search services, including stocks, autocomplete, news, and community features. Architect and reliably operate real-time/big data pipelines for search indexing. Gain insights into Elasticsearch-based search indexes and enhance the indexing structure and performance from a data perspective. Collaborate on data integrity management and re-indexing strategies to ensure stable data delivery for search. Gradually expand your responsibilities into areas beyond search, such as Graph search and ingestion of new data sources. Who We Are Looking For A candidate with over 3 years of experience in Data Engineering. Strong programming skills are preferred. Experience in designing or operating real-time or batch-based data pipelines is a plus. Experience in collecting and processing diverse data sources for service utilization is beneficial. Familiarity with big data processing platforms such as Spark, Hadoop, Impala is an advantage. A passion and curiosity for learning new domains and technologies are highly valued. A preference for collaborative environments where feedback and growth are encouraged is ideal. Additional Preferred Experience Experience using or managing search service infrastructures like Elasticsearch, Lucene, or Solr is advantageous. A genuine interest or experience in search domains such as search engines, recommendations, or ranking systems is a plus. Resume Tips Please detail your experience in designing/developing/operating data pipelines, ETL, streaming, etc. Highlight your role in projects and what you learned and improved through those experiences. If you have experience with search or Elasticsearch, even on a smaller scale, please describe the problems you solved. Your Journey to Joining Toss Securities Application submission > Job interview > Cultural fit interview > Reference check > Compensation discussion > Final acceptance and onboarding