Security Researcher (Penetration Testing / Vulnerability Analysis)

Join Our Team!The Security Team at Toss aims to enhance our defenses to world-class standards. We focus on assessing the security of our cutting-edge financial systems and aim to integrate the latest security techniques first.Our team involves security engineers from the very start of service development, ensuring that product owners, developers, and designers share a common goal of enhancing security, maintaining a balance between usability and safety.As a Security Researcher, you will continuously assess the security of our services, including penetration testing, while collaborating closely with the engineering team to proactively identify and resolve vulnerabilities in Toss services. Responsibilities:Conduct penetration testing and vulnerability assessments on Toss's internal and external services (web, mobile apps, etc.).Perform APT simulations while researching and analyzing new hacking techniques and defense strategies.Design service architecture to ensure safe and convenient services. We Are Looking For:Individuals with experience in security assessments, vulnerability testing, and penetration testing for large-scale operational services.Those who are passionate about new technology trends and eager to grow with their colleagues. Resume Recommendations:Include experiences where you researched or established security review measures for the latest IT technologies.Highlight any awards from domestic or international penetration testing competitions or bug bounty experiences. Technologies We Utilize:Web Hacking, Reverse Engineering, Cryptography, Mobile, Network The Recruitment Journey at Toss:Application > Job Interview > Cultural Fit Interview > Reference Check > Compensation Discussion > Final Acceptance and Onboarding A Message for Future Colleagues:We want to work with someone who will lead the innovation in finance and security together.We don't build features just to look good; if they don't add value, we won’t waste time. We are professionals who can operate independently without oversight. We are looking for colleagues who will join us in internalizing Toss's financial security technologies and drive innovation together.

Join our dynamic team at Toss where our Security Team is dedicated to elevating our defense mechanisms to world-class standards. We meticulously assess the security of our cutting-edge financial systems and strive to integrate the latest security techniques first.Our team ensures that security engineers are involved from the initial development stages of all services. By collaborating with product owners, developers, and designers, we maintain a balance between usability and security.As a Security Researcher, your role will involve continuous security assessments across our services, performing penetration testing, and closely working with engineering teams to proactively identify and resolve vulnerabilities.Your responsibilities will include:Conducting penetration tests and APT attacks on Toss's infrastructure while diagnosing system security.Providing technical assessments and improvement recommendations for electronic financial infrastructure.Researching and analyzing new hacking techniques and defense strategies.We are looking for someone who:Has experience in security assessments within diverse IT infrastructure architectures and DevOps environments.Possesses hands-on experience with penetration testing and APT attacks on security solutions/infrastructure.Has a strong understanding of web and network vulnerabilities.Can comprehend and implement technical vulnerability assessment procedures.Tips for your resume:Include your experience with various information security solutions.If applicable, mention your experience with APT scans, LDAP, or AD hacking.Detail your diagnostic experience in Kubernetes + Istio environments.The technologies we use at Toss include:Java Spring Framework, JPA/Hibernate, GradleJenkins, Git, Docker, Kubernetes + IstioKafka, Elastic, InfluxData, Grafana, MemcachedPlease take note:Military personnel can transition from active duty or reserve roles, while specialized research personnel may transition only.Your journey to join Toss:Application submission > Job interview > Cultural fit interview > Reference check > Compensation negotiation > Final acceptance and onboarding."We seek individuals who are eager to drive innovation in finance and security together."

Join Our Team and Engage in the Following Responsibilities - Conduct penetration testing and vulnerability assessments on Toss's external and internal services (web, mobile applications, etc.).- Provide technological diagnostics and improvements for electronic financial infrastructure.- Collaborate in researching and analyzing new hacking techniques and defensive strategies.- Perform infrastructure system diagnostics.

Security Engineers at daangn focus on protecting infrastructure and keeping user data safe. This position centers on finding vulnerabilities through penetration testing and setting up strong security protocols across our systems. Role overview This role involves hands-on work with infrastructure security in Seoul. The main responsibility is to identify and assess security risks, then act to address those issues. Attention to detail and a methodical approach are important, as your work directly impacts the safety of our platform. What you will do Conduct penetration tests to uncover vulnerabilities in our infrastructure Implement and maintain security protocols to meet high standards Support ongoing efforts to protect user data and system integrity Requirements Experience with infrastructure security and penetration testing Ability to identify, analyze, and address security vulnerabilities Commitment to maintaining strong security practices

Join Our Security Team! The security team at Toss Securities is composed of dedicated professionals, including a CISO, Security Engineers, Security Researchers, Information Security Managers, and Privacy Managers. We are committed to creating secure services, receiving robust support from the entire organization, and collaborating effectively across all departments. Our team members, with diverse experience ranging from 1 to 20 years, primarily come from backgrounds in information security firms and corporate security roles. We actively share knowledge and collaborate to achieve common goals. To ensure the safe operation of our securities services, we conduct vulnerability assessments across various fields such as applications, cloud, infrastructure, and network. We are also developing automated testing systems using DAST, SAST, and IAST tools to enhance our testing framework. Your Responsibilities: Collaborate with relevant departments from the service planning stage to perform security reviews and provide guidelines for safe service implementation. Conduct vulnerability assessments on Toss Securities' internal and external services (WTS, MTS, operational systems, etc.), analyze results, and suggest improvements. Perform infrastructure vulnerability assessments as required by electronic financial regulations and domestic/international security certifications (Public/Private Cloud, Server, DBMS, Network, etc.). Execute scenario-based internal/external penetration tests and conduct preliminary checks to prevent internal information leaks. Who We're Looking For: Individuals with over 7 years of experience in vulnerability assessments. Experience in operating or conducting assessments with infrastructure vulnerability assessment tools. Experience in developing tools or automation programs for vulnerability assessments. Ability to perform REST API vulnerability assessments based on an understanding of MSA environments. Experience in security audits identifying vulnerabilities such as IDOR in Java or Kotlin source code. Experience in assessing application vulnerabilities in Android or iOS environments. Understanding of electronic financial services and securities systems is a plus. Experience or understanding of Attack Surface Management is a bonus. Application Tips: Include any services or programs you've developed or participated in, specifying the language, role, deployment status, and operational environment. Detail specific vulnerabilities identified through SAST, DAST, Image Scanning, Secret Scanning, and your corrective actions (company/service names can be anonymized). Explain how you assessed and responded to actual security incidents or potential risks, such as secret exposure or high-risk image vulnerabilities. Share challenges and solutions encountered during security assessment automation or policy application processes. Hiring Process at Toss Securities: Application submission > Job interview > Cultural fit interview > Reference check > Salary negotiation > Final acceptance and onboarding. Additional Information: Providing false information in your resume or discovering disciplinary actions in your employment history may lead to termination of the recruitment process.

About the Team You'll JoinThe Security Division at Toss Securities consists of the Security Policy Team, Security Engineering Team, Security Audit Team, and IT Innovation Team, with the Security Engineering Team focusing on technical security tasks.The Security Division receives comprehensive support across the organization to create secure services and collaborates closely with all departments.The Security Division is made up of the Security Engineering Team and the Security Policy Team.Team members actively share experiences and knowledge with colleagues in similar roles within the company to achieve common goals.The team includes individuals with diverse experience levels, ranging from 1 to 20 years, most of whom have backgrounds in cybersecurity firms or as corporate security officers.In 2024, the Security Engineering Team aims to enhance its information security management framework to achieve international recognition, focusing on improving areas such as SOAR, ZTNA, and Cloud/Container security.Your ResponsibilitiesDevelop and manage Toss Securities' security monitoring system using SIEM.Gather and analyze various logs to create monitoring policies for security threats.Analyze and respond to security threats and incidents occurring in customer-facing services and employee work environments.Conduct incident analysis and response tasks.Ideal Candidate ProfileExperience in building and operating various log collection/analysis systems such as Splunk, ELK, and Kafka is essential.Proficient in creating correlation rules for sequential scenario detection in SIEM.Strong analytical skills for security incidents and security events are required.Ability to automate procedures for security log analysis, validation, and response development is necessary.Experience in threat response in various service environments, including IDC, CDN, Public Cloud, and Kubernetes, is a plus.Resume RecommendationsInclude at least two memorable examples of policies you created to detect security threats.If applicable, detail any cases of technical problem-solving (optimization, bug fixes, etc.) focusing on the technologies used and the outcomes achieved.Journey to Join Toss SecuritiesApplication Submission > Job Interview > Cultural Fit Interview > Reference Check > Salary Negotiation > Final Offer & OnboardingPlease NoteIf any false information is found in the resume or submitted documents, or if any disciplinary actions are confirmed during employment history, the hiring may be canceled.Hiring may be canceled for individuals who are prohibited from employment according to Toss Securities' regulations or who have disqualifying factors.Individuals with disabilities and veterans will be given preference according to relevant laws.A Word for Future Colleagues“You can enjoy working and growing as a security engineer in an environment where the latest technologies are actively adopted!”I am engaged in analyzing cybersecurity events and responding to incidents. To do this, additional data collection and expansion of the analysis system are necessary, and Toss's rapid collaboration culture allows me to focus quickly on the essence of analysis tasks.Working alongside experts in systems, networks, and security fields fosters my growth daily, and the active adoption of cutting-edge technologies makes it a pleasure for event analysts eager for trends to join us.

#LI-DNIAbout the Team You Will JoinThe Security Engineer at Toss Care belongs to the Information & Security Tribe, actively participating in technical roles within the Security Purple Team and Security Green Team.The Security Purple Team combines Red and Blue team strategies to perform incident analysis and response, vulnerability assessments, penetration testing, and scenario-based threat modeling.We prioritize enhancing Toss's security posture while maintaining a customer-first principle through close communication and collaboration with all teams.Your Responsibilities Will Include:Overseeing the overall detection, analysis, and response to security incidents.Identifying security threats to Toss services and designing operational threat models and scenarios using various logs collected by SIEM.Establishing, enhancing, and automating the processes for security threat analysis and incident response.Researching technical analysis and response strategies for various attack vectors, including external threats and data breaches.We Are Looking For Candidates Who:Have hands-on experience in responding to and improving security threats through incident analysis.Are familiar with identifying and responding to security threats in Kubernetes and Public Cloud environments.Have experience in designing, operating, and improving Detection Engineering technologies.Possess extensive experience in deriving threat scenarios and responses through SIEM.Have experience in automating security threat detection/response tasks or optimizing them via LLM.Resume Writing Tips:Include specific examples of technical analysis and responses you have conducted for threat analysis and incident response.Showcase instances where you have improved efficiency, automation, or enhancement from a perspective of incident response through your strengths.Detail how you approached and solved challenges encountered during problem-solving processes.Provide concrete examples of how you applied your technical learning to your work.

#LI-DNI Join Our Dynamic Security Team! As a Security Engineer at Tosscareers, you will be part of the Information & Security Tribe, handling technical operations within the Security Purple Team and Security Green Team. The Security Purple Team is a hybrid of Red and Blue teams, focusing on event analysis, incident response, vulnerability assessments, penetration testing, and scenario-based threat modeling. We prioritize customer safety and collaborate closely with all teams to enhance Toss's security measures. Your Responsibilities Will Include: Designing, building, and operating SIEM (Splunk, Opensearch, Elasticsearch). Creating robust architectures for secure log collection across various environments (On-Prem, AWS, K8S). Ensuring stable operation and enhancement of log pipelines (NIFI, KAFKA, Hadoop). Establishing and managing logging/monitoring systems for performance optimization and incident response of the Security Data Platform (SIEM). Designing and normalizing standard models for various logs to improve log analysis efficiency. We Are Looking For Candidates Who: Have experience in designing and building scalable and optimized SIEM systems. Can identify and resolve issues in log collection, data loading, search, and query building processes. Have worked with heterogeneous security log pipelines in On-Prem and AWS environments (ETL, ELT). Have standardized various forms of security logs (OCSF, CIM, etc.) for easier analysis. Have automated tasks using Python scripting. Resume Tips: Detail specific examples of your work, particularly your roles in projects, the technologies used, and improvements made before and after. Explain any challenges faced during problem-solving and how you addressed them. If you have diverse problem-solving experiences (technical, managerial), provide concrete examples. Include specific cases where you applied learned technical skills to your work.

Who We AreAt TwelveLabs, we are at the forefront of developing innovative multimodal foundation models that enable video comprehension akin to human understanding. Our models have set new benchmarks in video-language modeling, enhancing our capability to interact with and analyze diverse media formats.Backed by over $110 million in Seed and Series A funding from renowned venture capital firms including NVIDIA’s NVentures, NEA, Radical Ventures, and Index Ventures, as well as influential AI pioneers like Fei-Fei Li and Alexandr Wang, we are located in San Francisco and have a significant presence in APAC, particularly in Seoul, reinforcing our mission to drive global innovation.Our collaborations with NVIDIA and AWS provide access to state-of-the-art chips, such as the B300s, empowering us to push the frontiers of video AI.We embrace the individuality of each team member's journey, recognizing that our diverse cultural, educational, and life experiences fuel our ability to challenge the status quo. We seek passionate individuals aligned with our mission to make a meaningful impact as we advance technology to reshape the world. Join us in revolutionizing video understanding and multimodal AI.About the TeamThe Pegasus team is integral to TwelveLabs’ video understanding initiatives, leading the development of Pegasus, our Video Analysis product. Our aim is to create multimodal video analysis systems that excel in high instruction-following capabilities and deliver complex, hierarchically structured outputs. We prioritize the delivery of products that provide real-world value, collaborating in a goal-driven, cross-functional environment that unites ML researchers and engineers.Our responsibilities span a wide array of challenges, including large-scale distributed training of multi-modal LLMs, precise temporal segmentation, structured metadata extraction for practical applications, and enhancing training data for performance improvements.Our team leverages advanced chips, including NVIDIA B300s, to expedite our research-to-production transition, ensuring swift advancements in video analysis systems.

Join Our Team!As a UX Researcher at Toss Securities, you will delve into the essence of investment experiences, collaborating with users to enhance their investment journeys. You will be at the forefront of defining the future of investing, interpreting every moment of a trader's experience.Our UX Researcher is an integral part of the UX Research Team.The UX Research Team collaborates closely with all teams needing user insights, particularly the product organization and the Strategy Team.We focus on uncovering impactful insights through essential research rather than mere reporting or sharing.Your ResponsibilitiesDrive improvements across various Toss Securities products, grounded in an understanding of the securities industry and user needs.Engage with a diverse range of users of our securities services, suggesting product directions and identifying areas for enhancement.Conduct user experience research using appropriate methodologies such as User Testing (UT), In-depth Interviews, Focus Group Interviews (FGI), and surveys.We Are Looking ForIndividuals with hands-on experience in enhancing user experiences for digital products or substantial knowledge and experience in digital product contexts.Proficiency in selecting optimal research methodologies based on situational needs, with the ability to effectively share research findings to guide product direction.A strong desire to learn and challenge oneself in new endeavors.Excellent communication skills to derive and persuade UX decision-making foundations.Journey to Joining Toss SecuritiesApplication Submission > Job Interview > Cultural Fit Interview > Reference Check > Compensation Negotiation > Final Offer & OnboardingPlease NoteThis position allows applications without a portfolio. We encourage individuals who may have felt burdened by portfolio creation to apply freely.When applying, please provide specific details about practical projects where you personally designed and conducted user experience research. Research projects or side projects may not be suitable examples.Highlight your process from problem definition, hypothesis setting, research design and validation, to deriving results, explaining how you set goals and conducted research. Sharing lessons learned in detail is encouraged.The job interview will involve in-depth discussions based on two examples you select, independent of portfolio submission. Be aware that you may need to prepare separate presentation materials later.If false information is discovered in your resume or submitted documents, or if disciplinary issues are confirmed during your employment history, employment may be canceled.Individuals who are prohibited from employment or have disqualifying factors according to Toss Securities policies may have their applications canceled.Individuals with disabilities and those recognized as national veterans are preferred according to relevant laws.Colleague's InsightWe listen carefully to every user's voice to create the best user experience.All users of our securities services are investors. Therefore, it is crucial to integrate diverse perspectives and habits regarding investments into the Toss Securities user experience.We are looking for someone who can consider users' financial contexts and usage scenarios from multiple angles to help make Toss Securities the premier investment product.

About the Team You'll JoinThe Global UX Researcher at Toss Securities is a key member of the UX Research Team.Our mission is to explore the essence of global investment products and collaborate with users to enhance their investment experiences. We aim to understand every moment of international investors and shape the future of investing from the center of change.The UX Research Team works closely with all teams that require user insights, especially collaborating with product-focused Silos and the Strategy Team.We focus on uncovering impactful insights through research that drives product development rather than mere reporting.Responsibilities You Will ShareYou will lead the growth of Toss Securities' global products based on an in-depth exploration of overseas user needs.Engage with overseas users of our securities services to propose directions for Toss Securities’ global products and identify areas for improvement.Utilize appropriate research methodologies such as User Tests (UT), In-depth Interviews, Focus Group Interviews (FGI), and surveys to investigate user experiences.We'd Love to Work with Someone WhoHas experience as a UX Researcher in an international company or has conducted overseas user research that contributed to the success of global products.Has a strong understanding and experience in improving user experiences for digital products.Can apply the most suitable research methodologies based on the situation and effectively communicate research findings to guide product direction.Is eager to learn and has a strong sense of challenge for new tasks.Possesses excellent communication skills to derive and persuade new UX decision-making principles.Important NotesPlease include a portfolio during the application review process.Your portfolio should detail practical projects where you designed and conducted research aimed at improving user experience. Research projects or side projects are not suitable examples.Make sure to clearly outline the process of defining problems, setting hypotheses, designing and validating research, and deriving results, along with the lessons learned during this process.The job interview will involve in-depth discussions based on two examples you select. Please note that you will need to prepare a separate presentation material afterwards.Any false information on your resume or disciplinary actions in your employment history may lead to cancellation of the hiring process.According to Toss Securities regulations, candidates who are on the hiring blacklist or have disqualifying factors may face cancellation of the hiring process.We prioritize candidates with disabilities and those eligible for national veterans’ benefits in accordance with relevant laws.Journey to Joining Toss SecuritiesApplication submission > Job interview > Cultural fit interview > Reference check > Negotiation > Final acceptance and onboardingA Word from a ColleagueWe listen carefully to every user voice to create the best user experience.All users of our securities services are investors, so it’s essential to integrate various perspectives and habits related to investing into the Toss Securities user experience.We consider the financial context and usage context of our users from multiple angles to make Toss Securities the best.

Join Toss Insights! Toss Insights serves as the financial management research institute of Toss, acting as a think tank that formulates growth strategies through policy analysis and trend research to enhance understanding of finance and economics. Be a founding member of Korea's first fintech research institute, where you can set new benchmarks in the financial market and lead the industry. Toss possesses a vast array of reliable financial data, including MyData, payment, and app usage statistics, which can be utilized for research purposes within legal boundaries. We cultivate an organizational culture based on “autonomy and responsibility,” allowing for a more innovative research environment in the finance sector. Your Responsibilities: Process and analyze diverse data generated by financial institutions, including: MyData: Dispersed asset information such as account and card details. Customer behavior data (NLP): Analyzing digital log data (MAU, retention, etc.) to understand customer behavior patterns. Financial product usage data: Insights into customer interactions with loans, insurance, deposits, etc. Visualize structured and unstructured data to develop recommendation and personalization models. Generate insights based on banking data analysis and compile research reports. Analyze patterns and trends in financial data to support strategic decision-making within the Toss community. We Are Looking For Candidates Who: Possess problem-solving skills utilizing data analysis and machine learning. Are proficient in data analysis tools such as Python, R, and SQL. Have experience in processing and analyzing financial data or large-scale datasets. Hold a Master's or PhD degree in Industrial Engineering, Financial Engineering, or related fields with relevant experience. Have a background in Financial Engineering, Business Administration, Economics, or related disciplines. Please Ensure the Submission of the Following Documents: Resume (free format, no language restrictions) Submit in any format, either in Korean or English. Include your academic background, work experience, date of birth, and contact information. Attach a list of major research achievements, including research reports. Cover Letter Detail your research and practical experiences related to the field. Steps to Join Toss Insights: Document submission → Job interview → Cultural fit interview → Reference check → Salary negotiation → Final acceptance Document submission period: 2/13 (Thursday) ~ 2/26 (Wednesday)

About UsAt TwelveLabs, we are at the forefront of creating innovative multimodal foundation models that empower machines to understand videos as humans do. Our groundbreaking models have set new benchmarks in video-language modeling, enhancing our analytical capabilities and revolutionizing media interaction.With over $110 million raised in Seed and Series A funding, we are supported by leading venture capital firms, including NVIDIA’s NVentures, NEA, Radical Ventures, and Index Ventures, alongside esteemed AI pioneers like Fei-Fei Li and Silvio Savarese. Headquartered in San Francisco, we also boast a significant presence in Seoul, reflecting our dedication to global innovation.Our strategic alliances with NVIDIA and AWS provide us access to state-of-the-art technology, including the B300 chips, enabling us to push the limits of video AI capabilities.We celebrate diversity and believe that the unique journeys of each individual contribute to our innovative culture. We are in search of passionate individuals who resonate with our mission and are eager to drive technological transformation. Join us in reshaping the future of video understanding and multimodal AI.Team OverviewThe Pegasus team is central to TwelveLabs' video comprehension capabilities, spearheading our Video Analysis product. We focus on creating advanced multimodal video analysis systems that excel in instruction adherence and yield complex, hierarchically structured outputs. Our mission is to deliver products with tangible real-world applications, working collaboratively across functional teams of ML researchers and engineers.Our initiatives encompass various challenges, including large-scale distributed training of multimodal LLMs, precise temporal segmentation, and robust metadata extraction for practical applications, extending temporal context to several hours, alongside data curation processes that enhance evaluation and performance through improved training data.Our team leverages cutting-edge hardware, such as NVIDIA B300s, to accelerate the transition from research to production, ensuring swift and effective deployment of our innovations.

#LI-DNIAbout the Team You Will JoinThe Toss Security Team is responsible for maintaining the security framework and various compliance measures. It comprises a security policy group and a security engineering group that identifies security threats and develops strategies to address them.Our team collaborates closely with various departments such as IT, personal data, infrastructure, and platforms to ensure the security of Toss's diverse services and team members’ work environments.Additionally, team members regularly engage in weekly meetings with peers from affiliated companies to share insights and collaborate on specialized areas.Our team includes professionals with 5 to 20 years of experience, most of whom have backgrounds in cybersecurity firms or corporate information security.We aspire to be the 'world's best security team' by developing robust security frameworks to protect our customers' valuable information against hacking and external threats while complying with various regulations.Responsibilities You Will HaveYou will build and operate information security solutions to protect Toss's customer services and the work environments of employees.You will establish access control measures to safeguard Toss Community's information systems (DB, Server, Network, etc.) and manage security solutions.You will implement and manage security systems (network separation, data leakage prevention, etc.) necessary for compliance with financial regulations.Your role will also involve improving security visibility and management systems to create a safe working environment for Toss teams.Ideal CandidateWe are looking for someone with experience in building and operating network security systems such as FW, NAC, and Proxy, along with infrastructure architecture design.Experience in designing access control models and control solutions for servers and databases using SAC and DAC is essential.Experience in building and operating cloud-based infrastructure and services (IaaS - AWS, Azure, OpenStack, etc. / SaaS - Google Workspace, M365, etc.) with security management is required.Experience in implementing and managing IAM and SSO systems (OKTA, KeyCloak, etc.) and designing permission management frameworks is highly desired.Familiarity with UEM systems for user clients like MS Intune, Workspace ONE, or Jamf is a plus.Knowledge of Zero Trust-based network access control configurations and an understanding of authentication protocols like SAML, OpenID, OAuth is a significant advantage.Experience with domestic and international security certifications and financial regulations like ISO27001, ISO27701, PCI-DSS, ISMS-P, and knowledge of compliance systems is preferred.Resume RecommendationsWe recommend detailing your problem-solving skills and technical experiences related to building and operating security solutions, including automation.

*This position is exclusively available to candidates residing in South Korea.*About Euromonitor InternationalAs a global leader in market data analytics and research, Euromonitor International provides unparalleled insights and data on various markets, industries, economies, and consumer behaviors. Our comprehensive analysis serves thousands of products and services, making us the premier choice for organizations pursuing growth. With our expertise, clients can confidently make bold, strategic decisions.Role OverviewAs the Research Manager at our Seoul office, you will lead a talented team of analysts dedicated to delivering high-quality local insights and impactful client narratives. This role places a strong emphasis on effective team management, operational excellence, and promoting a collaborative work environment across various functions. You will act as a crucial link between your team and various departments, including Regional, Client Support, and Foundational Data teams, driving organizational goals and strategic initiatives.Key ResponsibilitiesTeam LeadershipMentorship and Development: Recruit, train, and mentor a diverse team of analysts, fostering professional growth and enhancing industry expertise and cross-functional collaboration.Performance Management: Conduct regular evaluations, provide constructive feedback, and recognize achievements to motivate high performance.Fostering Collaboration: Create a culture of teamwork, open communication, and accountability, ensuring close collaboration with Regional and Client Support teams. Project OversightStrategic Planning: Plan and prioritize multiple research projects, ensuring adherence to methodologies, deadlines, and quality standards.Monitoring and Delivery: Supervise research workflows, monitor progress, and proactively address potential issues to ensure projects are completed on time and meet high standards. Client Engagement and Relationship ManagementClient Interaction: Dedicate at least 20% of your time to leading client engagements for specific accounts, guiding your team in identifying opportunities to deepen client relationships and drive business growth.Client Concerns: Serve as the primary point of escalation for client issues, providing solutions and maintaining high levels of client satisfaction.Actionable Insights: Collaborate with the Client Support team to convert client queries into actionable opportunities, enhancing engagement and fostering mutual growth.

About the Team You'll Join The Security Division at Toss Securities is composed of the Security Policy Team, Security Engineering Team, Security Audit Team, and IT Innovation Team, with the Security Engineering Team focusing on technical security tasks. The security team receives comprehensive support across the organization to ensure the safety of Toss Securities services and collaborates closely with all departments. Each team member actively engages with peers in similar roles across subsidiaries, sharing knowledge and experiences to achieve common goals. The team comprises members with diverse experience levels ranging from 1 to 20 years, many of whom have backgrounds in information security firms and corporate information security roles. This year, the Security Engineering Team aims to enhance its information security management system to achieve international recognition and strengthen its capabilities in SOAR, ZTNA, and Cloud/Container security. Your Responsibilities You will identify potential security threats, data leakage risks, and compliance violations across endpoint environments and work to mitigate these issues. Analyze conflicts between security requirements and actual workflows, implementing solutions that balance security and user experience. Address endpoint security issues by analyzing root causes and implementing improvements to prevent recurrence. Manage to maintain consistent endpoint security standards throughout the device lifecycle. Design and automate policy-based control logic to evaluate endpoint status, user context, device posture, and the policy settings of security solutions to determine access permissions. Integrate endpoint security controls with IAM and access control to enhance the overall security framework. Who We're Looking For Experience in designing and customizing detection rules, blocking policies, and monitoring logic based on potential security threats in endpoint environments. Experience in designing and implementing technical solutions such as policy exceptions, temporary authorizations, and selective monitoring to ensure security controls do not hinder actual workflows. Experience in investigating endpoint security issues through log analysis, process tracing, and filesystem investigation at the Windows and macOS levels to identify root causes and establish preventive measures. Experience in designing and managing systems to maintain consistency in security standards throughout the entire lifecycle of devices, from provisioning to disposal. Ability to implement a Policy Decision Point that determines access permissions based on endpoint status information collected via security solution APIs, with experience in Python/Go, OPA, or AI/MCP-based tools being a plus. Experience in integrating security context collected from endpoints (such as device compliance and threat detection results) with IAM, network, and application layer access controls via SCIM, Webhook, and API would be advantageous. Your Pathway to Joining Toss Securities Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Negotiation of Terms > Final Acceptance and Onboarding Additional Information Employment may be rescinded if false information is found in the resume or if any disciplinary actions are confirmed during employment history. Individuals who are prohibited from employment under Toss Securities regulations or have disqualifying factors may have their applications canceled. Individuals with disabilities and veterans will receive preferential treatment in accordance with relevant laws. A Note for Potential Colleagues We value innovation, collaboration, and a passion for security in our team. Join us to make a significant impact in the world of cybersecurity!

About the Team You Will Join The Security Division at Toss Bank comprises multiple teams including Security Policy, Privacy Protection, System Security, Network Security, Security Red Team, Security Blue Team, IT Service, and Security Audit. The Security Engineer (Endpoint Security) will work within the Security Division to manage various tasks aimed at protecting endpoints from external threats, particularly as part of the System Security Team. The Security Division collaborates with various teams to create secure and reliable services, and the System Security Team works closely with product organizations, Legal & Compliance, Platform Engineering, and Internal Audit to ensure security and regulatory compliance. We are dedicated to providing a secure environment for electronic financial transactions and to seamlessly integrating security into the daily operations of our users. Key Responsibilities Operate security solutions to protect Toss Bank's customers. Build, manage, and operate endpoint security solutions including Antivirus (AV), Data Loss Prevention (DLP), Network Access Control (NAC), and Endpoint Privilege Management (EPM). Ensure stable operation of endpoint security solutions and quickly resolve operational issues. Establish endpoint security policies for Windows and Mac OS and engage in proactive information security activities. Analyze events through endpoint security solutions and conduct threat response activities. Desired Qualifications A minimum of 5 years of experience in operating endpoint security solutions. Deep understanding of PC and server operating systems. Familiarity with basic networking and architecture concepts. Strong understanding of the operational principles and policies of endpoint security solutions. Experience with open-source endpoint security solutions and automation of security solutions is a plus. Application Instructions Please include detailed descriptions of your responsibilities and specific examples in your resume, as simple project lists may not be sufficient. We recommend submitting a portfolio along with your resume. Highlight your experiences and knowledge relevant to the job area in your application. In your portfolio, please document your studies or practical experiences in security technology and your level of understanding. Join Us at Toss Bank Application Submission > Job Interview > Cultural Fit Interview > Reference Check > Compensation Discussion > Final Acceptance and Onboarding Please Note Any discovery of false information in your resume or disciplinary actions during your employment history may result in cancellation of your application.

Welcome to the Daangn Team!At Daangn, we strive to create an environment where individuals can grow alongside the company's success.We are here to assist you in reaching that moment of joy while working with wonderful colleagues. Introducing the Security TeamThe Security Team aims to ensure that Daangn provides services securely. We defend against external attacks and prevent the leakage of valuable internal information. All our activities comply with various information protection laws and regulations. By understanding Daangn's business model, we provide clear standards that are implemented technically. Through these efforts, we create a reliable service that users can trust.Key ResponsibilitiesAssess and improve security risks in AI/ML-based service environments.Audit and manage access controls and security configurations for AI service components, including training data, model files, APIs, and infrastructure.Monitor and respond to security issues in LLM and generative AI environments, such as prompt injection and data leaks.Analyze AI service logs to detect anomalies, investigate security events, and resolve issues.Conduct security vulnerability assessments and actions during model deployment and operation.Establish and continuously improve security guidelines and policies.We Seek Candidates Who:Have experience in vulnerability assessments, penetration testing, or incident response.Are familiar with LLMs and understand the operational mechanisms of prompt-based services.Have a foundational understanding of cloud architecture (IAM, networking, storage) in platforms like AWS, GCP, or Azure.Possess basic knowledge of AI/ML or LLM service structures.Have experience in log analysis and root cause identification.Are proactive in addressing security issues, focusing on improvements rather than just reporting.Preferred Qualifications:Understanding of ML pipelines (data collection → training → deployment → monitoring).Experience with container environments such as Docker and Kubernetes.Have at least one year of experience in security, cloud, backend, or ML engineering.Have experience in improving repetitive tasks through security automation or scripting.Regularly learn about and share new AI security issues or trends.Additional InformationThere is a 3-month probation period for full-time hires.As per the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities Act and the Act on the Honorable Treatment and Support of Veterans, individuals with disabilities and veterans will receive preferential hiring.

About the Role tosscareers is looking for a Research Assistant in Seoul to help advance ongoing research projects. This position supports key research efforts with careful analysis and a strong focus on accuracy. What You Will Do Assist with research tasks and data collection Support project teams by organizing and analyzing information Contribute to the progress of active research initiatives Location Seoul

Join Our TeamToss Bank's Security Division consists of specialized teams including Security Policy, Privacy Protection, System Security, Network Security, Red Team, Blue Team, IT Service, and Security Audit.The Security Operations Specialist (System Security) plays a crucial role in safeguarding Toss Bank’s systems against external threats, operating within the System Security Team.This division collaborates with various teams to create a safe and reliable Toss Bank service. Specifically, the System Security Team works closely with product organizations, Legal & Compliance, Platform Engineering, and Internal Audit to ensure regulatory compliance and internal controls. The synergy across all teams fosters effective collaboration towards shared goals.The Security Division is committed to providing secure electronic financial transaction services, ensuring that security is integrated into users' workflows for a safe working environment.Key ResponsibilitiesDevelop, manage, and enhance access control security solutions.Manage security solutions such as Server Access Control (SAC), Database Access Control (DAC), and Apache Ranger.Troubleshoot and resolve various issues arising from security solutions.Enhance operational policies and elevate management standards through diverse tools and methods.Who We're Looking ForExperience in information security is beneficial but not mandatory. Candidates with experience managing access control security solutions or understanding the principles of various security solutions are preferred.Interest in automating security tasks using PowerShell, Python, or APIs to improve efficiency and management is desirable.Understanding of IT infrastructure, operating systems, and databases relevant to security solution operations is expected.A strong desire to analyze and resolve issues that arise during the operation of security solutions is sought.Experience in automating repetitive operational tasks and working with log parsing, cleansing, and detection rule creation is advantageous.Experience in implementing security policies to comply with electronic financial transaction laws and regulations is a plus.Resume Submission GuidelinesPlease provide detailed examples of your work experience, highlighting your role in projects, technologies used, and improvements made before and after.If you faced challenges while solving problems, explain your thought process and how you resolved them.If you have experience identifying and responding to security threats or solving diverse issues (technical and managerial), please detail these experiences.Document your experiences in learning new security technologies and threats specifically.Application ProcessApplication Submission > Job Interview > Cultural Fit Interview > Reference Check (if applicable) > Offer Negotiation > Final Acceptance and OnboardingImportant NotesThis is a contract position with an initial contract period of one year.New graduates are welcome to apply!Any discrepancies found in the resume or disciplinary actions during previous employment may result in cancellation of the hiring process.