Staff Security Engineer (Cloud Infrastructure Security)

Enhanced Job Description

📍 Job Overview

• Job Title: Staff Security Engineer (Cloud Infrastructure Security)
• Company: Coupang
• Location: Seoul, South Korea
• Job Type: On-site
• Category: Information Security
• Date Posted: June 11, 2025

🚀 Role Summary

• The Staff Security Engineer will focus on cloud infrastructure security, ensuring the security of workloads and platforms in public cloud environments, specifically AWS.
• Key responsibilities include cloud infrastructure security design and review, focusing on IAM, network security, access control, authentication, and authorization.
• The role also involves enhancing a cloud security posture management framework with risk-based policies to remediate misconfigurations and ensuring container security with K8s, EKS, and service mesh.
• The ideal candidate will have a strong background in cloud security, with a deep understanding of AWS services and infrastructure as code (IaC) security.

💻 Primary Responsibilities

• Cloud Infrastructure Security Design and Review:

  • Define and review security requirements for workloads and platforms in public cloud environments, focusing on AWS.
  • Design and review cloud infrastructure security, emphasizing IAM, network security, access control, authentication, and authorization.
  • Collaborate with relevant teams, including IT infrastructure, development, and operations, to ensure security requirements are met.

• Cloud Security Posture Management:

  • Enhance a cloud security posture management framework with risk-based policies to remediate misconfigurations.
  • Implement and maintain cloud security posture management tools to monitor and manage security risks in AWS environments.

• Container Security:

  • Ensure container security within the infrastructure, focusing on K8s, EKS, and service mesh.
  • Collaborate with development teams to integrate security best practices into container deployment and management processes.

• Infra-as-Code Security:

  • Implement and maintain security best practices for infrastructure as code (IaC) using tools like Terraform.
  • Review and approve IaC changes to ensure they meet security requirements and comply with security policies.

🎓 Skills & Qualifications

Education: A bachelor's degree in Information Security, Computer Science, or a related field.

Experience: At least 8 years of experience in information security, with a strong focus on cloud security and AWS services.

Required Skills:

• Proven experience in cloud security, with a deep understanding of AWS services and infrastructure as code (IaC) security.
• Strong knowledge of IAM, network security, access control, authentication, and authorization.
• Experience with cloud security posture management tools and risk-based policies.
• Familiarity with container security, K8s, EKS, and service mesh.
• Proficiency in infrastructure as code (IaC) tools, such as Terraform.
• Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams.

Preferred Skills:

• Experience with cloud security compliance and auditing.
• Familiarity with cloud security certifications, such as CISM, CISSP, or CCSP.
• Knowledge of DevOps practices and tools, such as CI/CD pipelines and infrastructure automation.
• Experience with cloud security incident response and management.

📊 Web Portfolio & Project Requirements

Portfolio Essentials:

• A portfolio showcasing the candidate's cloud security experience, including case studies, security architecture designs, and security assessments.
• Examples of cloud security posture management implementation and risk-based policy enforcement.
• Demonstrations of container security best practices and service mesh implementation.
• Evidence of infrastructure as code (IaC) security implementation and IaC security reviews.

Technical Documentation:

• Detailed documentation of cloud security architecture, including diagrams and design patterns.
• Step-by-step guides for cloud security posture management implementation and risk-based policy enforcement.
• Code comments and inline documentation for IaC security reviews and approval processes.
• Test cases and scripts for cloud security testing and validation.

💵 Compensation & Benefits

Salary Range: The salary range for this role is not provided in the original job listing. However, based on market research and regional standards for senior information security roles in South Korea, the estimated salary range is ₩80,000,000 - ₩100,000,000 KRW per year (approximately USD $65,000 - $81,000 USD).

Benefits:

• Competitive health insurance and retirement benefits.
• Performance-based bonuses and stock options.
• Generous vacation and paid time off policies.
• Opportunities for professional development, including training and certification reimbursement.
• A dynamic and collaborative work environment with a focus on innovation and continuous learning.

🎯 Team & Company Context

Company Culture:

• Coupang fosters a dynamic and innovative work environment, encouraging employees to take ownership of their roles and drive change.
• The company values creativity, collaboration, and customer-centricity, with a strong focus on continuous learning and improvement.
• Coupang offers a flat organizational structure, promoting open communication and cross-functional teamwork.

Team Structure:

• The cloud infrastructure security team works closely with IT infrastructure, development, and operations teams to ensure the security of Coupang's cloud environments.
• The team consists of security engineers, security architects, and security analysts, with a focus on specialization and expertise development.

Development Methodology:

• Coupang follows Agile development methodologies, with a focus on continuous integration and continuous deployment (CI/CD) pipelines.
• The company emphasizes automated testing, code reviews, and pair programming to ensure code quality and maintainability.
• Infrastructure as code (IaC) is used to manage and provision cloud resources, with a focus on version control and automated deployment.

📈 Career & Growth Analysis

Cloud Security Career Level: The Staff Security Engineer role is a senior-level position, typically requiring 8-10 years of experience in information security, with a strong focus on cloud security and AWS services.

Reporting Structure: The Staff Security Engineer reports directly to the Head of Cloud Security or a similar senior role, depending on the organization's structure.

Technical Impact: The Staff Security Engineer has a significant impact on Coupang's cloud security posture, driving security improvements and ensuring the security of critical workloads and platforms.

Growth Opportunities:

• Cloud Security Architecture: Transition to a cloud security architecture role, focusing on designing and implementing secure cloud environments at scale.
• Cloud Security Management: Move into a cloud security management role, overseeing a team of security engineers and driving security strategy and roadmaps.
• Cloud Security Consulting: Pursue a cloud security consulting role, providing expert guidance and security assessments to external clients.

🌐 Work Environment

Office Type: Coupang's headquarters is located in Seoul, South Korea, with a modern and collaborative office environment.

Office Location(s): The primary office location is in Seoul, with additional offices in other major cities in South Korea and internationally.

Workspace Context:

• Coupang's offices feature open-plan workspaces, encouraging collaboration and teamwork.
• Each employee has access to a dedicated workspace, with adjustable ergonomic furniture and multiple monitors.
• The office environment includes dedicated meeting rooms, quiet spaces, and recreational areas to support work-life balance.

Work Schedule:

• The standard work schedule is Monday to Friday, 9:00 AM to 6:00 PM, with a one-hour lunch break.
• Coupang offers flexible work arrangements, including remote work options and flexible working hours, depending on the role and team requirements.

📄 Application & Technical Interview Process

Interview Process:

1. Resume Screening: The initial screening process involves reviewing the candidate's resume and portfolio to assess their qualifications and fit for the role.
2. Phone or Video Screen: A short phone or video call is conducted to discuss the candidate's background, experience, and career goals.
3. Technical Phone or Video Screen: A more in-depth technical phone or video screen is conducted to assess the candidate's cloud security knowledge and problem-solving skills.
4. On-site or Virtual Interview: The final interview round is an on-site or virtual interview, involving a presentation and Q&A sessions with senior team members and stakeholders.

Portfolio Review Tips:

• Tailor the portfolio to showcase cloud security experience, with a focus on AWS services and infrastructure as code (IaC) security.
• Include case studies, security architecture designs, and security assessments to demonstrate problem-solving skills and technical depth.
• Highlight any experience with cloud security posture management, container security, and IaC security reviews.

Technical Challenge Preparation:

• Brush up on AWS security services, IAM, network security, and access control concepts.
• Familiarize yourself with cloud security posture management tools and risk-based policy enforcement.
• Prepare for container security and service mesh implementation questions, focusing on Kubernetes, EKS, and related technologies.
• Review infrastructure as code (IaC) security best practices and tools, such as Terraform.

ATS Keywords:

• Cloud Security
• AWS Security
• IAM
• Network Security
• Access Control
• Authentication
• Authorization
• Cloud Security Posture Management
• Container Security
• K8s
• EKS
• Service Mesh
• Infrastructure as Code (IaC)
• Terraform
• Information Security
• IT Infrastructure
• Network Technologies

📌 Application Steps

To apply for the Staff Security Engineer (Cloud Infrastructure Security) position at Coupang, follow these steps:

1. Submit your application through the provided link.
2. Prepare a tailored resume and portfolio, highlighting your cloud security experience and relevant skills.
3. Familiarize yourself with AWS security services, cloud security posture management, and container security concepts.
4. Practice common cloud security interview questions and prepare for technical challenges.
5. Review the company's culture, values, and work environment to ensure a good fit.
6. Follow up on your application status and be prepared for the interview process.

Content Guidelines (IMPORTANT: Do not include this in the output)

• Web Technology-Specific Focus: Tailor the job description to emphasize web technology-specific skills, portfolio requirements, and interview preparation tips for web developers and server administrators.
• Quality Standards: Ensure no content overlap between sections, and maintain a consistent and professional tone throughout.
• Industry Expertise: Include web technology industry-specific insights, trends, and best practices relevant to the role and target audience.
• Portfolio Requirements: Provide specific portfolio guidance for web developers and server administrators, focusing on relevant projects, case studies, and technical documentation.
• Interview Preparation: Offer tailored interview preparation advice for web developers and server administrators, focusing on technical skills, problem-solving, and behavioral aspects.
• Actionable Depth: Provide specific, practical tips and detailed preparation advice for technical interviews, focusing on web technology-specific challenges and scenarios.
• Competitive Advantage: Ensure the enhanced job description provides a competitive advantage to web developers and server administrators seeking their next opportunity.