Director, Security Operations

 Director- Security Operations

Description:

Coupang strives to wow our customers, and fulfill our mantra, “How did we ever live without Coupang?”  We want to protect our customers, as they rely on our services in their daily lives.  We protect small businesses that build their operation on the Coupang ecommerce platform.  Our customers entrust their personal data while using our services securely and reliably.  Also, personal data of our fellow employees and their data are protected, as they come to work proudly every day as Coupang employees.

We exist to be thought leaders and help the industry and government partners.  We focus on business outcomes and not egos and accomplish business successes with a sense of pride as a cohesive unit of security professionals.  We want to protect and secure all aspects of Coupang businesses, as customers and small businesses use our services every day.

As our Director over Security Control Operations and Assurance, you will be responsible for building a new program that combines our existing foundational scanning functionality with a proactive approach to Control Assurance leveraging modern toolsets around data identification, classification, and retention enforcement across all possible data sources from endpoint to cloud.

This is a new function being created to address the unique challenges of the eCommerce space of a global company.  You will need a proven track record of building successful programs, inspiring, and developing teams, with the ability to work across levels and organizations with autonomy. 

You will be a technical manager and thought leader that has expert working knowledge in Control Operations and Assurance, risk-based vulnerability and configuration management, root-cause security issues, quickly assessing the potential threats, and educating other members of the broader team.

Key Responsibilities:

• Design, develop, and maintain vulnerability scanning profiles for enterprise IT infrastructure, including servers, workstations, cloud environments, and network devices.
• Develop auditable systems to assess and validate scope, scale, and saturation of scans.
• Develop, manage, and operationalize contextually aware SBOM scanning.
• Design, develop, and maintain secure baseline configurations for enterprise IT infrastructure, including servers, workstations, cloud environments, and network devices.
• Enforce security configuration policies and standards in alignment with industry best practices (e.g., CIS, NIST, DISA STIGs).
• Refine client baseline configuration standards from industry standard secure baseline configurations (e.g., CIS, NIST, etc.).
• Conduct periodic assessments to validate security compliance and identify deviations from baseline configurations.
• Adjust compliance scanning policies and disposition false positive scan results.
• Support expansion of the program to remaining asset categories.
• Develop and manage automated solutions for secure configuration deployment and monitoring.
• Conduct periodic assessments to validate security compliance and identify deviations from scanning configurations.
• Provide technical leadership in security configuration management, including training and mentorship for junior team members.
• Work with baseline configuration management and threat intelligence teams to enhance security postures based on evolving threats and risk assessments.
• Ensure alignment with regulatory and compliance requirements, such as PCI-DSS, HIPAA, ISO 27001, and FedRAMP.
• Document and maintain security configuration policies, procedures, and implementation guides.
• Investigate and remediate security configuration issues identified through audits, assessments, or security incidents.

Qualifications:

• 10+ years of experience in vulnerability and security configuration management in both cloud and on-premises environments, system administration, and compliance.
• Experience with workflow automation and reporting solutions.
• Familiarity with DevSec Ops principles and secure infrastructure as code (IaC) practices.
• Experience with policy-based compliance frameworks such as SCAP, Opens CAP, or Splunk compliance monitoring.
• Expert knowledge of infrastructure, application, and cloud vulnerability detection.
• Specialized expertise in industry vulnerability management sources (CISA, CVE, NVD, etc.), public cloud hosting/architecture, and SaaS configuration monitoring tooling (e.g., Netskope).
• Strong knowledge of security frameworks, including CIS Benchmarks, NIST 800-53, DISA STIGs, and ISO 27001.
• Proficiency in scripting languages (e.g., PowerShell, Python, Bash) for automation and compliance enforcement.
• Experience with security configuration auditing and assessment tools (e.g., SCAP, Nessus, Tenable, Qualys).
• Strong problem-solving, analytical, and communication skills.
• Master’s degree or equivalent practical experience

Preferred Languages and Certifications:

• Industry certifications such as CISSP, CISM, CISA, or relevant vendor-specific certifications (AWS Security, Microsoft Security, etc.) are preferred.
• English, Korean, and Mandarin