Security Analyst

About the Team You’ll Join The Security Division at Toss Bank is composed of several specialized teams including Security Policy, Privacy Protection, System Security, Network Security, Security Red Team, Security Blue Team, IT Service, and Security Audit. As a Security Analyst at Toss Bank, you will be an integral part of the Security Blue Team, focusing on …

Join Coupang as an IT Security Compliance Analyst. We are looking for a dedicated professional to ensure our compliance with security standards and regulations. You will play a vital role in maintaining our security posture and assisting in audits and assessments. Your expertise will directly contribute to safeguarding our systems and data.

[English follows Korean.] Company Overview Coupang exists to deliver customer delight. We know we are fulfilling our mission when customers ask, "How did I live without Coupang?" With relentless dedication to making shopping, dining, and daily life simpler for our customers, Coupang is leading innovations across the multi-billion dollar e-commerce industry. As one of the fastest-growing e-commerce companies, we have established an unrivaled position in the domestic commerce sector and built customer trust. Coupang prides itself on being a globally listed company rooted in a startup culture. This agility, present since our founding, drives our continuous launch of new services and business expansion. Every employee at Coupang is given the opportunity to foster an entrepreneurial spirit and lead new innovations and initiatives. The courage to dive into work and achieve results is the essence of how we operate. At Coupang, you will witness daily growth in yourself, your colleagues, your team, and the entire company. All Coupang employees are genuinely committed to our mission of shaping the future of commerce. We solve customer problems, challenge traditional notions, and push the limits of what is possible. If you seek an amazing work experience in a hyper-connected world with high availability and cutting-edge technology, join Coupang now. Position Overview This role is an Individual Contributor position within the Security Compliance team. The team member will leverage their knowledge and skill set to support IT Security Compliance activities. Responsibilities may include coordinating updates to the IT Security Compliance Framework, Standards, or SOPs, evaluating compliance with internal policies and/or regulatory requirements, and gathering responses to support regulatory reporting.

About the Team You'll Join The Security Division at Toss Securities is composed of the Security Policy Team, Security Engineering Team, Security Audit Team, and IT Innovation Team, with the Security Engineering Team focusing on technical security tasks. The security team receives comprehensive support across the organization to ensure the safety of Toss Securities services and collaborates closely with all departments. Each team member actively engages with peers in similar roles across subsidiaries, sharing knowledge and experiences to achieve common goals. The team comprises members with diverse experience levels ranging from 1 to 20 years, many of whom have backgrounds in information security firms and corporate information security roles. This year, the Security Engineering Team aims to enhance its information security management system to achieve international recognition and strengthen its capabilities in SOAR, ZTNA, and Cloud/Container security. Your Responsibilities You will identify potential security threats, data leakage risks, and compliance violations across endpoint environments and work to mitigate these issues. Analyze conflicts between security requirements and actual workflows, implementing solutions that balance security and user experience. Address endpoint security issues by analyzing root causes and implementing improvements to prevent recurrence. Manage to maintain consistent endpoint security standards throughout the device lifecycle. Design and automate policy-based control logic to evaluate endpoint status, user context, device posture, and the policy settings of security solutions to determine access permissions. Integrate endpoint security controls with IAM and access control to enhance the overall security framework. Who We're Looking For Experience in designing and customizing detection rules, blocking policies, and monitoring logic based on potential security threats in endpoint environments. Experience in designing and implementing technical solutions such as policy exceptions, temporary authorizations, and selective monitoring to ensure security controls do not hinder actual workflows. Experience in investigating endpoint security issues through log analysis, process tracing, and filesystem investigation at the Windows and macOS levels to identify root causes and establish preventive measures. Experience in designing and managing systems to maintain consistency in security standards throughout the entire lifecycle of devices, from provisioning to disposal. Ability to implement a Policy Decision Point that determines access permissions based on endpoint status information collected via security solution APIs, with experience in Python/Go, OPA, or AI/MCP-based tools being a plus. Experience in integrating security context collected from endpoints (such as device compliance and threat detection results) with IAM, network, and application layer access controls via SCIM, Webhook, and API would be advantageous. Your Pathway to Joining Toss Securities Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Negotiation of Terms > Final Acceptance and Onboarding Additional Information Employment may be rescinded if false information is found in the resume or if any disciplinary actions are confirmed during employment history. Individuals who are prohibited from employment under Toss Securities regulations or have disqualifying factors may have their applications canceled. Individuals with disabilities and veterans will receive preferential treatment in accordance with relevant laws. A Note for Potential Colleagues We value innovation, collaboration, and a passion for security in our team. Join us to make a significant impact in the world of cybersecurity!

About the Team You'll Join The Analyst at Toss Securities is part of the Research Center Team. This team is dedicated to creating research materials and content tailored for individual investors. Your Responsibilities Will Include Continuously monitoring stock and financial markets, providing in-depth analysis of investment trends and changes. Creating materials that simplify complex investment knowledge and information for our primary clients, individual investors. Analyzing a wide range of investment topics, including macroeconomics, stocks, bonds, commodities, industries, and companies in both South Korea and the United States. Collaborating with content specialists to plan and produce investment information content that is accessible for those with limited investment experience. Conducting data-driven hypothesis testing and improvements to enhance the efficiency of data and content delivery. Working closely with relevant departments as a stock expert to contribute to the planning and development of new investment content based on professional knowledge. We Are Looking For Candidates Who Meet the requirements of the Financial Investment Association as a research and analysis specialist (at least one of the following): 1) Have over 12 years of research experience at a securities firm. 2) Hold a Master’s degree in finance or related fields, or have passed the Financial Investment Analyst exam, with at least 10 years of research experience at a securities firm. Possess English proficiency that allows for leading global business meetings, and the ability to conduct in-depth analysis of investment materials in English. Have extensive research experience in global markets, U.S. stocks, economics, investment strategies, industries, companies, and ETFs. Demonstrate a strong understanding and interest in fintech-based mobile/web services and products. Enjoy new challenges, think outside the box, and actively pursue self-initiated projects. Be able to lead collaboration with colleagues, working passionately and with a positive, open mindset. Important Notes Please combine the following two documents into a single file and attach it in the portfolio section of the application page: 1) Verify your registration as a research and analysis specialist on the Financial Investment Association website (https://www.kofia.or.kr/index.do), and submit a screenshot or proof. 2) Select up to two of your most representative reports published in the past, providing their titles along with a brief description and the reasons for their selection. Additional Information Any discrepancies or false information found in your resume or submitted documents may result in cancellation of your application. Hiring may be canceled for individuals with disqualifying factors as per Toss Securities regulations. Individuals with disabilities and veterans are given preferential treatment in accordance with relevant laws. Your Journey to Joining Toss Securities Application Submission > Preliminary Assignment > Job Interview > Cultural Fit Interview > Reference Check > Salary Negotiation > Final Acceptance & Entry Trading Restrictions for Employees in the Research Center This position is affiliated with the Research Center and is subject to restrictions on trading financial products.

About the Team You Will Join The Security Division at Toss Bank comprises multiple teams including Security Policy, Privacy Protection, System Security, Network Security, Security Red Team, Security Blue Team, IT Service, and Security Audit. The Security Engineer (Endpoint Security) will work within the Security Division to manage various tasks aimed at protecting endpoints from external threats, particularly as part of the System Security Team. The Security Division collaborates with various teams to create secure and reliable services, and the System Security Team works closely with product organizations, Legal & Compliance, Platform Engineering, and Internal Audit to ensure security and regulatory compliance. We are dedicated to providing a secure environment for electronic financial transactions and to seamlessly integrating security into the daily operations of our users. Key Responsibilities Operate security solutions to protect Toss Bank's customers. Build, manage, and operate endpoint security solutions including Antivirus (AV), Data Loss Prevention (DLP), Network Access Control (NAC), and Endpoint Privilege Management (EPM). Ensure stable operation of endpoint security solutions and quickly resolve operational issues. Establish endpoint security policies for Windows and Mac OS and engage in proactive information security activities. Analyze events through endpoint security solutions and conduct threat response activities. Desired Qualifications A minimum of 5 years of experience in operating endpoint security solutions. Deep understanding of PC and server operating systems. Familiarity with basic networking and architecture concepts. Strong understanding of the operational principles and policies of endpoint security solutions. Experience with open-source endpoint security solutions and automation of security solutions is a plus. Application Instructions Please include detailed descriptions of your responsibilities and specific examples in your resume, as simple project lists may not be sufficient. We recommend submitting a portfolio along with your resume. Highlight your experiences and knowledge relevant to the job area in your application. In your portfolio, please document your studies or practical experiences in security technology and your level of understanding. Join Us at Toss Bank Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Compensation Discussion > Final Acceptance and Onboarding Please Note Any discovery of false information in your resume or disciplinary actions during your employment history may result in cancellation of your application.

Welcome to the Daangn Team!At Daangn, we strive to create an environment where individuals can grow alongside the company's success.We are here to assist you in reaching that moment of joy while working with wonderful colleagues. Introducing the Security TeamThe Security Team aims to ensure that Daangn provides services securely. We defend against external attacks and prevent the leakage of valuable internal information. All our activities comply with various information protection laws and regulations. By understanding Daangn's business model, we provide clear standards that are implemented technically. Through these efforts, we create a reliable service that users can trust.Key ResponsibilitiesAssess and improve security risks in AI/ML-based service environments.Audit and manage access controls and security configurations for AI service components, including training data, model files, APIs, and infrastructure.Monitor and respond to security issues in LLM and generative AI environments, such as prompt injection and data leaks.Analyze AI service logs to detect anomalies, investigate security events, and resolve issues.Conduct security vulnerability assessments and actions during model deployment and operation.Establish and continuously improve security guidelines and policies.We Seek Candidates Who:Have experience in vulnerability assessments, penetration testing, or incident response.Are familiar with LLMs and understand the operational mechanisms of prompt-based services.Have a foundational understanding of cloud architecture (IAM, networking, storage) in platforms like AWS, GCP, or Azure.Possess basic knowledge of AI/ML or LLM service structures.Have experience in log analysis and root cause identification.Are proactive in addressing security issues, focusing on improvements rather than just reporting.Preferred Qualifications:Understanding of ML pipelines (data collection → training → deployment → monitoring).Experience with container environments such as Docker and Kubernetes.Have at least one year of experience in security, cloud, backend, or ML engineering.Have experience in improving repetitive tasks through security automation or scripting.Regularly learn about and share new AI security issues or trends.Additional InformationThere is a 3-month probation period for full-time hires.As per the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities Act and the Act on the Honorable Treatment and Support of Veterans, individuals with disabilities and veterans will receive preferential hiring.

Join Our Dynamic Team As a Data Analyst at Toss Securities, you will be part of our data analytics team. Our Data Analytics (DA) team comprises two main segments: the enterprise analytics unit and the product analytics unit, where you will be contributing to product analysis. Our team is diverse, with members hailing from finance, gaming, e-commerce, O2O, and portal backgrounds, bringing a wealth of experience. Your Responsibilities Support data-driven decision-making for our product development teams. Quantify team goals and identify key levers to achieve them, providing direction for prioritization. Contribute to product enhancements through A/B test design and result analysis, leveraging various analytical methodologies for insights. Ideal Candidate Profile Proficient in SQL for data extraction and cleansing. High-level understanding of mobile service data analysis methods (Customer Lifetime Value, Retention, Cohort Analysis, etc.). Experience in setting hypotheses and conducting experiments to improve services. Demonstrated ability to design A/B tests and derive meaningful results. Familiarity with data visualization tools (such as Tableau) is a plus. No strict experience level is required; we value insights gained from diverse experiences. Resume Recommendations Detail impactful projects from your experience. Clearly outline the problem definition, hypothesis setting, experimental design, and result validation processes. Share experiences where you deepened user understanding through data analysis and proposed actionable strategies. Confirm proficiency in mobile service data analysis methods (LTV, AARRR, Cohort, Funnel, etc.). If objectives were met, quantify improvements in metrics like churn rate, conversion rate, and revenue. (Please omit sensitive information if necessary.)

Join Our TeamToss Bank's Security Division consists of specialized teams including Security Policy, Privacy Protection, System Security, Network Security, Red Team, Blue Team, IT Service, and Security Audit.The Security Operations Specialist (System Security) plays a crucial role in safeguarding Toss Bank’s systems against external threats, operating within the System Security Team.This division collaborates with various teams to create a safe and reliable Toss Bank service. Specifically, the System Security Team works closely with product organizations, Legal & Compliance, Platform Engineering, and Internal Audit to ensure regulatory compliance and internal controls. The synergy across all teams fosters effective collaboration towards shared goals.The Security Division is committed to providing secure electronic financial transaction services, ensuring that security is integrated into users' workflows for a safe working environment.Key ResponsibilitiesDevelop, manage, and enhance access control security solutions.Manage security solutions such as Server Access Control (SAC), Database Access Control (DAC), and Apache Ranger.Troubleshoot and resolve various issues arising from security solutions.Enhance operational policies and elevate management standards through diverse tools and methods.Who We're Looking ForExperience in information security is beneficial but not mandatory. Candidates with experience managing access control security solutions or understanding the principles of various security solutions are preferred.Interest in automating security tasks using PowerShell, Python, or APIs to improve efficiency and management is desirable.Understanding of IT infrastructure, operating systems, and databases relevant to security solution operations is expected.A strong desire to analyze and resolve issues that arise during the operation of security solutions is sought.Experience in automating repetitive operational tasks and working with log parsing, cleansing, and detection rule creation is advantageous.Experience in implementing security policies to comply with electronic financial transaction laws and regulations is a plus.Resume Submission GuidelinesPlease provide detailed examples of your work experience, highlighting your role in projects, technologies used, and improvements made before and after.If you faced challenges while solving problems, explain your thought process and how you resolved them.If you have experience identifying and responding to security threats or solving diverse issues (technical and managerial), please detail these experiences.Document your experiences in learning new security technologies and threats specifically.Application ProcessApplication Submission > Job Interview > Cultural Fit Interview > Reference Check (if applicable) > Offer Negotiation > Final Acceptance and OnboardingImportant NotesThis is a contract position with an initial contract period of one year.New graduates are welcome to apply!Any discrepancies found in the resume or disciplinary actions during previous employment may result in cancellation of the hiring process.

About the Team You Will Join The Strategy Analyst position at Toss Securities is part of the Strategy & Ops Team within the Strategy Division. This role involves establishing company-wide objectives (mission, vision, business strategies, enterprise OKRs) and prioritizing them, necessitating collaboration with diverse teams such as Product, Data Analytics, Business Development, and Finance. Your Responsibilities Upon Joining You will need strong analytical thinking and communication skills to distill key insights from complex issues and deliver them effectively. Monitor and identify domestic and international market opportunities to drive exponential business growth. Utilize data to accurately assess the current state of products and devise strategies for improvement and growth. Conduct industry and business research and financial analysis to derive insights based on information and data about competitors and benchmark companies. We Are Looking for Someone Who Can quickly learn and conduct research on a variety of topics. Has experience in deriving insights about markets, businesses, and customers based on collected information. Can convey clear conclusions amidst complex information/data. Has research experience in strategy consulting internships, the securities industry, tech services, or global corporations. Joining the Toss Securities Journey Application submission > Job interview > Cultural fit interview > Reference check > Compensation negotiation > Final acceptance and onboarding. Please Note If any false information is found in your resume or if disciplinary actions are discovered during your employment history, your application may be canceled. Applicants who are prohibited from employment or have disqualifying reasons according to Toss Securities' internal regulations may also have their applications canceled. Individuals with disabilities and those eligible for national veterans' benefits will be given preference according to relevant laws. A Message for Future Colleagues We are in search of bold individuals who possess the dream and courage to drive change at Toss Securities faster than anyone else, embodying our guiding principle: “To reach places that no one has gone before.”

#LI-DNI Join Our Dynamic Security Team! As a Security Engineer at Tosscareers, you will be part of the Information & Security Tribe, handling technical operations within the Security Purple Team and Security Green Team. The Security Purple Team is a hybrid of Red and Blue teams, focusing on event analysis, incident response, vulnerability assessments, penetration testing, and scenario-based threat modeling. We prioritize customer safety and collaborate closely with all teams to enhance Toss's security measures. Your Responsibilities Will Include: Designing, building, and operating SIEM (Splunk, Opensearch, Elasticsearch). Creating robust architectures for secure log collection across various environments (On-Prem, AWS, K8S). Ensuring stable operation and enhancement of log pipelines (NIFI, KAFKA, Hadoop). Establishing and managing logging/monitoring systems for performance optimization and incident response of the Security Data Platform (SIEM). Designing and normalizing standard models for various logs to improve log analysis efficiency. We Are Looking For Candidates Who: Have experience in designing and building scalable and optimized SIEM systems. Can identify and resolve issues in log collection, data loading, search, and query building processes. Have worked with heterogeneous security log pipelines in On-Prem and AWS environments (ETL, ELT). Have standardized various forms of security logs (OCSF, CIM, etc.) for easier analysis. Have automated tasks using Python scripting. Resume Tips: Detail specific examples of your work, particularly your roles in projects, the technologies used, and improvements made before and after. Explain any challenges faced during problem-solving and how you addressed them. If you have diverse problem-solving experiences (technical, managerial), provide concrete examples. Include specific cases where you applied learned technical skills to your work.

Join Our Team The Security Audit Manager at Toss Securities will be part of the Security Division, working within the dedicated Security Audit Team. This team is responsible for conducting independent internal audits across the entire information security management system, IT infrastructure, and data management frameworks. Collaboration with various teams is essential to create reliable financial services, covering areas including security, infrastructure, platforms, and products. The Security Audit Team consists of specialists focusing on Information Security Management Systems and Data Management, supporting the decisions of the CISO and CPO. Key Responsibilities Develop annual audit plans based on information security policies and relevant regulations, auditing the security management status of IT infrastructure and information security systems comprehensively. Evaluate the adequacy and compliance of critical information security areas, including access control, security policy implementation, and encryption management. Inspect compliance with security requirements in modern IT environments, such as cloud computing and open-source software, including vulnerability management practices. Assess the appropriateness of IT disaster recovery and security incident response processes, identifying areas for improvement. Objectively analyze audit results, drafting reports and proposing actionable improvement strategies for identified issues. Ideal Candidate Profile Proven experience in information security audits or consulting, with demonstrated leadership skills in evaluating and enhancing information security management systems. Expertise in IT infrastructure and security systems (firewalls, IPS/IDS, WAF, etc.), along with experience in vulnerability analysis and assessment. Deep understanding of information security management system certification standards (ISMS-P, ISO 27001, etc.) and relevant regulations for conducting audits. Proficiency in security auditing within modern technology environments, including MSA, Kubernetes, and Cloud. Excellent communication skills to facilitate effective collaboration across diverse teams. Resume Tips Highlight your experience in information security management system audits or internal controls, including specific examples relevant to the role. Include experiences of improving IT environments or information security activities through audit responses and self-assessments. Detail instances where you identified vulnerabilities and made recommendations that enhanced the organization's security posture. If you have security audit experience in cloud environments or emerging technologies, please emphasize that as well as any complex problem-solving experiences with various teams. Application Process with Toss Securities Submit Application > Job Interview > Cultural Fit Interview > Reference Check > Salary Negotiation > Final Offer and Onboarding Important Notes Any discrepancies found in the resume or reports of disciplinary actions during employment may lead to cancellation of the hiring process. Individuals disqualified from hiring according to Toss Securities regulations will not be considered. Persons with disabilities and national veterans are given preference in accordance with relevant laws.

Join Our Security Team! The security team at Toss Securities is composed of dedicated professionals, including a CISO, Security Engineers, Security Researchers, Information Security Managers, and Privacy Managers. We are committed to creating secure services, receiving robust support from the entire organization, and collaborating effectively across all departments. Our team members, with diverse experience ranging from 1 to 20 years, primarily come from backgrounds in information security firms and corporate security roles. We actively share knowledge and collaborate to achieve common goals. To ensure the safe operation of our securities services, we conduct vulnerability assessments across various fields such as applications, cloud, infrastructure, and network. We are also developing automated testing systems using DAST, SAST, and IAST tools to enhance our testing framework. Your Responsibilities: Collaborate with relevant departments from the service planning stage to perform security reviews and provide guidelines for safe service implementation. Conduct vulnerability assessments on Toss Securities' internal and external services (WTS, MTS, operational systems, etc.), analyze results, and suggest improvements. Perform infrastructure vulnerability assessments as required by electronic financial regulations and domestic/international security certifications (Public/Private Cloud, Server, DBMS, Network, etc.). Execute scenario-based internal/external penetration tests and conduct preliminary checks to prevent internal information leaks. Who We're Looking For: Individuals with over 7 years of experience in vulnerability assessments. Experience in operating or conducting assessments with infrastructure vulnerability assessment tools. Experience in developing tools or automation programs for vulnerability assessments. Ability to perform REST API vulnerability assessments based on an understanding of MSA environments. Experience in security audits identifying vulnerabilities such as IDOR in Java or Kotlin source code. Experience in assessing application vulnerabilities in Android or iOS environments. Understanding of electronic financial services and securities systems is a plus. Experience or understanding of Attack Surface Management is a bonus. Application Tips: Include any services or programs you've developed or participated in, specifying the language, role, deployment status, and operational environment. Detail specific vulnerabilities identified through SAST, DAST, Image Scanning, Secret Scanning, and your corrective actions (company/service names can be anonymized). Explain how you assessed and responded to actual security incidents or potential risks, such as secret exposure or high-risk image vulnerabilities. Share challenges and solutions encountered during security assessment automation or policy application processes. Hiring Process at Toss Securities: Application submission > Job interview > Cultural fit interview > Reference check > Salary negotiation > Final acceptance and onboarding. Additional Information: Providing false information in your resume or discovering disciplinary actions in your employment history may lead to termination of the recruitment process.

Join the innovative team at Core One, where our primary goal is to lead in providing analytical, operational, and technical solutions to tackle the most intricate national security challenges facing our nation. We prioritize people and are dedicated to attracting, developing, and retaining exceptional talent. Our competitive compensation package distinguishes us from the competition and reflects our commitment to excellence. Core One thrives on teamwork and values outstanding performance in a dynamic and expanding environment.*This position is contingent upon contract award*Responsibilities:Draft intelligence reports and assessments to support mission planning and force protection efforts, focusing on identifying asymmetric threats and vulnerabilities to U.S. interests in the area of responsibility (AOR) and monitoring internal security situations pertinent to force protection.Generate intelligence reports and suggest action plans to the government, producing threat assessments, trend analyses, and information papers through a multidisciplinary approach, utilizing all-source information for timely intelligence reporting.Deliver complex all-source counterintelligence analytic production to aid Army counterintelligence efforts against foreign intelligence entity threats, particularly concerning Army Research, Development, and Acquisitions (RDA) and Defense Critical Infrastructure worldwide.Conduct thorough intelligence analysis to inform the development of CI-HUMINT efforts, employing established analytical methodologies to support current and future full-spectrum operations.

About the Team You'll Join The Security Division at Toss Securities comprises the Security Policy Team and the Security Engineering Team, with the Security Policy Team including roles such as Information Security Manager and Privacy Manager. This division enjoys comprehensive support across the organization to create secure Toss Securities services and collaborates closely with all departments. Team members actively exchange experiences and knowledge with peers in similar roles across affiliates to achieve shared goals. The team consists of members with diverse experience ranging from 1 to 20 years, most of whom have backgrounds in information security firms and corporate information security roles. This year, we are focusing on enhancing our information security management system through global security standard certifications and prioritizing risk management based on data flow and business processes. We will also conduct research activities to advance regulatory frameworks. Responsibilities You'll Have Lead the establishment and operation of information security policies, as well as the acquisition and maintenance of domestic and international security certifications (ISMS-P, ISO/IEC 27001, 27701, 27017, 27018, PCI-DSS, etc.). Formulate and amend security policies in response to changes in legislation and regulations, and develop operational processes. Oversee internal audits, inspections, and external institution assessments, driving improvement initiatives. Establish and lead the security risk assessment and management processes. Plan and implement security awareness programs (training, campaigns) to foster a security-centric culture within the organization. Mentor junior colleagues and contribute to the growth of team capabilities. Ideal Candidate Profile Over 5 years of experience in information security policy and management system operations within the finance and electronic finance sectors. Proven experience leading the acquisition and maintenance of domestic and international security certifications. Strong background in responding to external organizations and validated risk management skills. Experience in designing and executing organizational policies and processes. Ability to identify and lead new security challenges in rapidly changing IT/service environments. Journey to Joining Toss Securities Application submission > Role interview > Cultural fit interview > Reference check > Compensation negotiation > Final acceptance and onboarding. Please Note Any discrepancies found in the resume or supporting documents, or any disciplinary issues in the work history may lead to cancellation of employment. Candidates identified as prohibited or disqualified under Toss Securities internal regulations may also have their applications canceled. Individuals with disabilities and those eligible for national veteran benefits are given preferential treatment in accordance with relevant laws. A Message for Future Colleagues You can create an information security management system with comprehensive organizational support. At Toss Securities, all colleagues share an understanding of the importance of information security, and the Security Division builds the management system based on this shared awareness. To establish a high-level information security management system, we not only comply with mandatory requirements but also embrace various challenges to present new cultures and trends. This means you will gain diverse experiences not confined to routine tasks. We are looking for passionate colleagues who want to contribute to the security of Toss Securities while experiencing explosive growth in their careers.

Security Engineers at daangn focus on protecting infrastructure and keeping user data safe. This position centers on finding vulnerabilities through penetration testing and setting up strong security protocols across our systems. Role overview This role involves hands-on work with infrastructure security in Seoul. The main responsibility is to identify and assess security risks, then act to address those issues. Attention to detail and a methodical approach are important, as your work directly impacts the safety of our platform. What you will do Conduct penetration tests to uncover vulnerabilities in our infrastructure Implement and maintain security protocols to meet high standards Support ongoing efforts to protect user data and system integrity Requirements Experience with infrastructure security and penetration testing Ability to identify, analyze, and address security vulnerabilities Commitment to maintaining strong security practices

Team and Collaboration The Security team at Toss brings together a range of professionals: CISO, Security Engineers, Security Researchers, Information Security Managers, Privacy Managers, and IT Managers. This group works closely with the Infra team, product development silos, Legal, and Compliance to build secure services for Toss. Members also connect with security peers across subsidiaries, sharing knowledge and collaborating on specialized areas. Working here means helping to build and improve security systems that support Toss in delivering reliable services. What You Will Do Design and operate AWS cloud security architecture, managing cloud security infrastructure such as CSPM and CWPP. Set up detection and response systems using logs, and automate security policies with IaC tools like Terraform. Manage IDS/IPS, WAF, and DDoS protection systems, addressing network vulnerabilities proactively. Design and refine detection policies through traffic and packet analysis, including regular expressions. Collect and respond to security events using SIEM/SOAR, and operate endpoint solutions like EDR and DLP to strengthen organizational security. Lead security design at the service architecture level and support technical compliance requirements. Requirements At least 5 years of experience as an in-house Security Engineer. Hands-on experience building and operating security systems in AWS cloud environments. Background in constructing and managing network security solutions (IDS/IPS, WAF) and capability in traffic and packet analysis, including optimizing detection policies. Experience with SIEM for event correlation analysis and developing threat hunting and response playbooks is preferred. Familiarity with endpoint security solutions such as EDR, AV, and DLP, as well as handling malware responses and configurations, is a plus. Technical experience with security certifications and financial regulations (ISO27001, PCI-DSS, ISMS-P) is advantageous. Resume Tips Describe previous roles with clear examples, emphasizing project contributions, technology stacks, and measurable improvements. Share how you approached and solved challenges, including your thought process. Include experiences where you identified and responded to security threats or resolved technical and managerial issues. Highlight specific cases where you learned and applied new security technologies or addressed emerging threats. Hiring Process Application Job Interview Cultural Fit Interview Reference Check Compensation Negotiation Final Offer and Onboarding Voices from the Team "I enjoy working with exceptional colleagues." One team member who joined after serving as the sole security officer at a previous company shared how building Toss's security infrastructure alongside the team has brought stability and a stronger security posture. This collaborative environment has become a source of pride as the team secures valuable assets together. Toss encourages setting personal goals every half-year, empowering team members to take ownership and collaborate with accomplished peers.

About the Team You'll Join The Security Division at Toss Bank comprises several teams including the Security Policy Team, Privacy Protection Team, System Security Team, Network Security Team, Security Red Team, Security Blue Team, IT Service Team, and Security Audit Team. The System Security Team Leader is responsible for safeguarding devices and systems within Toss Bank against various external threats while leading the System Security Team. The Security Division collaborates with various teams to create a safe and reliable service for Toss Bank customers. The System Security Team, in particular, focuses on ensuring secure services from both system/device security and operational perspectives, working closely with product organizations, legal and compliance, platform engineering, and internal audit teams. Responsibilities You'll Have Develop and execute operational plans for device and system information security solutions to protect Toss Bank's customers, leading the team's technical growth and implementation. Design and enhance integrated security operations for device security, system security solutions, AI, and supply chain security. Establish strategies to ensure visibility from a systems security perspective and create an environment that supports optimal operations. Who We're Looking For Individuals with over 10 years of diverse experience in operating security solutions are essential. Experience in directly leading a security team of three or more members to achieve team objectives is highly desirable. Knowledge of operational strategies for device and system security solutions aimed at ensuring safe electronic financial transactions is necessary. Deep understanding of the principles of security solutions, with the ability to set standards for operational policies and guide team discussions for optimal decision-making is required. Experience in automating repetitive tasks to enhance productivity and a proven track record of deep diving into problem-solving are sought after. Familiarity with various open-source tools and the ability to utilize AI in work processes are preferred. Experience in script development using Bash, Python, and API utilization for system integration is necessary. Resume Submission Guidelines We recommend submitting a resume in a free format along with a portfolio. Your application should highlight experiences and knowledge relevant to the role. Present specific contexts and outcomes rather than simply listing responsibilities, focusing on how you solved problems. Detail your leadership experiences, including team size, operational methods, personal contributions, and team achievements. Include any experience in establishing security strategies or improving systems that influenced the entire organization. It would be beneficial to attach examples that demonstrate your technical depth, such as architectures you have designed, problem-solving processes, or automation outcomes. Your Journey to Joining Toss Bank Application submission and...

About the Team You Will Join The Security Division at Toss Bank consists of several teams: Security Policy Team, Privacy Protection Team, System Security Team, Network Security Team, Security Red Team, Security Blue Team, IT Service Team, and Security Audit Team. The Security Audit Manager will be responsible for conducting regular and ad-hoc audits as well as overseeing compliance checks across the organization within the Security Audit Team. This division collaborates with various teams to create safe and reliable services at Toss Bank. The Security Audit Team works closely with product teams and legal, compliance, platform engineering, and internal audit teams to ensure compliance and internal control. The Security Division is committed to providing secure electronic financial transaction services and strives to embed security into the daily operations of its users. Responsibilities You Will Undertake Conduct regular and ad-hoc internal audits of Toss Bank’s information security activities. Respond to periodic and ad-hoc audits conducted by the internal audit team and manage IT and security aspects of internal control accounting audits. Perform internal checks on information security responsibilities and self-audits. Improve internal controls related to information security. Assess compliance activities across the organization and enhance procedures as necessary. Conduct checks related to safeguarding personal credit information. Perform internal audits on significant information security incidents and penalties occurring within financial institutions. Ideal Candidate Profile Understanding of IT and information security fundamentals is essential. Experience in IT or information security audits and assessments is required. In-depth knowledge of information security regulations, such as electronic financial supervision regulations, credit information industry regulations, and standards for ensuring the safety of personal data, is desired. Ability to understand and enhance internal control measures related to information security. Familiarity with emerging technologies such as MSA, Kubernetes, and Cloud is a plus. Excellent communication skills to collaborate effectively with various teams are necessary. Possession of information security audit certifications (CISA, CISSP, etc.) is advantageous. Application Recommendations Share specific examples of experiences related to internal/external audits or internal controls relevant to the job responsibilities. Include experiences that demonstrate improvements in IT environments or information security practices through audit responses and self-assessments. If you have experience solving complex problems in collaboration with various organizations, be sure to highlight that. Journey to Join Toss Bank Application submission > Job interview > Cultural fit interview > Reference check > Offer negotiation > Final acceptance Please Note If any false information is found in your resume or supporting documents, or if any disciplinary action during your employment history is confirmed, your application may be canceled. Applicants who fall under the disqualifying criteria as per Toss Bank’s employment regulations may have their applications revoked. Individuals with disabilities or who are veterans will receive preferential treatment in accordance with relevant laws.

Join Our Dynamic Team!The Security Division at Toss Securities comprises the Security Policy Team and the Security Engineering Team. The Security Policy Team includes both the Information Security Manager and the Privacy Manager.Our division receives robust support across the organization to ensure the safety of Toss Securities services, fostering close collaboration with all departments.Team members actively share experiences and knowledge with peers in similar roles across our affiliates, working together to achieve shared objectives.Our team consists of members with diverse experiences ranging from 1 to 20 years, most of whom have backgrounds in information security firms or as corporate information security officers.This year, we aim to enhance our information security management system through global security standard certifications and focus on risk management centered around data flows and business processes, alongside conducting research for regulatory advancement. Your Responsibilities:Establish and manage information security policies in accordance with regulations such as the Electronic Financial Transactions Act, Credit Information Act, Information and Communications Network Act, and Personal Information Protection Act.Oversee the establishment and maintenance of information security policies and manage domestic and international security certifications (ISMS-P, ISO/IEC 27001, 27701, 27017, 27018, PCI-DSS, etc.).Identify and assess security risks, derive improvement tasks, and manage them effectively.Respond to internal audits, inspections, and external agency assessments, and carry out post-management activities.Conduct security training and campaigns for employees to enhance security awareness.Assess the security of new services and technologies (cloud, DevOps, etc.) and improve policies accordingly. Ideal Candidate Profile:Strong understanding of information security regulations and compliance.Experience in operating information security management systems and obtaining security certifications.Hands-on experience in security audits, risk assessments, and policy management activities.Experience in policy or planning roles within a financial or fintech environment is a plus.Interest and understanding of security threats and the latest IT environments will be advantageous. Joining Toss Securities:Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Compensation Negotiation > Final Offer & Onboarding Please Note:Any falsehoods found in resumes or application documents, or any disciplinary issues during employment history, may lead to cancellation of employment.Individuals categorized as hiring prohibitions or disqualified under Toss Securities regulations may have their applications canceled.Individuals with disabilities or who are veterans will be given preference in accordance with applicable laws. A Message for Future Colleagues:Work within a supportive environment to develop a robust information security management system.All colleagues at Toss Securities recognize the importance of information security, and the Security Division is committed to fostering this understanding.We are undertaking various challenges to present new cultures and trends while ensuring compliance with mandatory requirements, offering a chance to gain diverse experiences beyond conventional tasks.We are looking for passionate colleagues who are eager to contribute to the security of Toss Securities and achieve explosive career growth.