Hyundai Capital Bank Europe

Security Operations and Incident Response Manager

Hyundai Capital Bank Europe, Irvine, California, United States, 92713


Who We Are

Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships.

We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:

· Medical, Dental and Vision plans that include no-cost and low-cost plan options
· Immediate 401(k) matching and vesting
· Vehicle purchase and lease discounts plus monthly vehicle allowances
· Paid Volunteer Time Off with company donation to a charity of your choice
· Tuition reimbursement

What to Expect

The Security Operations & Incident Response (SOIR) Manager is responsible for the enterprise-wide incident response function within the Security Operations Center (SOC), ensuring rapid detection, containment, and remediation of cybersecurity threats. This role is pivotal in maintaining the integrity, confidentiality, and availability of Hyundai Capital America's digital assets and infrastructure. This role will oversee a third-party vendor of incident responders and collaborate with threat intelligence, vulnerability management, and engineering teams to drive continuous improvement in detection and response capabilities. In addition, this role will create and maintain incident response playbooks and establish processes for proactive threat hunting, and will be responsible for the administration and day-to-day support of HCA's EDR, SIEM, monitoring, threat detection, and remediation tools.

What You Will Do

1. Security Monitoring & Threat Detection:

· Monitor and analyze security events in real time using SIEM platforms (e.g., Splunk, NGSIEM) to detect and respond to threats targeting financial systems, such as ransomware, phishing, or account takeover.
· Tune and optimize SIEM correlation rules and ingestion pipelines to reduce false positives and improve detection fidelity.
· Leverage threat intelligence platforms to analyze emerging threats specific to the financial sector, correlate intelligence with internal data, and develop actionable insights to enhance detection and prevention strategies.

2. Incident Response & Remediation:

· Alert Triage: Investigate and triage security alerts, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.
· Incident Handling: Lead and support incident response activities, including containment, eradication, and recovery, for security incidents across the tactics and techniques of the MITRE ATT&CK framework.
· Forensic Analysis: Perform forensic investigations to determine the root cause of incidents, and document findings for audit and legal purposes.
· Playbook Development: Create and maintain incident response playbooks, ensuring rapid and consistent response processes.
· Post-Incident Review: Conduct post-incident reviews to identify lessons learned, recommend improvements, and update security controls to prevent recurrence.
· MSSP Coordination: Coordinate with MSSP partners in a co-managed SIEM/SOC model to validate escalations and provide tuning feedback.

3. Tool Administration and Management of SOC Solutions:

· Tool Administration: Manage and configure security tools, including SIEM, EDR, firewalls, and vulnerability scanners, to ensure optimal performance and coverage.
· Rule Tuning: Develop and tune detection rules, signatures, and alerts to reduce false positives and improve detection accuracy in financial environments.
· Automation: Implement automated responses (e.g., SOAR playbooks) and scripts (e.g., Python, PowerShell) to streamline tasks such as alert enrichment, incident triage, or vulnerability scans.
· Cloud Security Monitoring: Monitor and secure cloud environments (e.g., AWS, Azure, Google Cloud, Oracle Cloud) using native security tools and third-party integrations, protecting financial data and workloads.
· Collaborate with the cybersecurity architecture & engineering team to ensure proper integration of security tools across cloud, network, and endpoint environments.
· Partner with the vulnerability management and IAM teams to ensure holistic security coverage.

4. Collaboration, Automation, and Innovation Activities:

· Cross-Functional Collaboration: Partner with IT Infrastructure and IT Application teams, DevOps, IAM, DLP, and Application Security teams to integrate security operations with broader cybersecurity initiatives, such as cloud migrations or fintech development.
· Vulnerability Management: Collaborate with the Vulnerability Management team to conduct regular vulnerability scans across networks, systems, and applications to identify weaknesses, such as unpatched software or misconfigurations, and support patch management and/or an adequate remediation plan.

5. Documentation, Reporting, and Compliance Activities:

· Incident Documentation: Document security incidents, investigations, and remediation actions in detail to support audits, compliance, and lessons learned.
· Vulnerability and Penetration Test Reports: Produce comprehensive reports on vulnerability scans and penetration tests, including risk assessments, remediation plans, and validation results.
· Metrics and Reporting: Develop and report on SOC metrics (e.g., Mean Time to Detect, Mean Time to Respond, vulnerability remediation rates, penetration test coverage) to demonstrate operational effectiveness.
· Runbooks and Procedures: Maintain and update SOC runbooks, standard operating procedures (SOPs), and knowledge bases for incident response, vulnerability management, and penetration testing.