Hyundai Capital

Security Operations and Incident Response Manager

Hyundai Capital, Irvine, California, United States, 92713


Job Description - Security Operations and Incident Response Manager

Overview

Security Operations and Incident Response Manager (250000JZ)

Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture. We offer a range of financial products through Hyundai Motor Finance, Genesis Finance, and Kia Finance, including vehicle financing, leasing, subscription, and insurance solutions to over 2 million customers and dealerships. We value skill development and career advancement and strive to lead in financing freedom of movement.

What to Expect

The Security Operations & Incident Response (SOIR) Manager is responsible for the enterprise-wide incident response function within the Security Operations Center (SOC), ensuring rapid detection, containment, and remediation of cybersecurity threats. This role oversees third-party incident responders and collaborates with threat intelligence, vulnerability management, and engineering teams to drive continuous improvement in detection and response capabilities. The role will create and maintain incident response playbooks, establish processes for proactive threat hunting, and administer and support HCA's EDR, SIEM, monitoring, threat detection, and remediation tools.

What You Will Do

Security Monitoring & Threat Detection

- Monitor and analyze security events in real time using SIEM platforms (e.g., Splunk, NGSIEM) to detect and respond to threats targeting financial systems (e.g., ransomware, phishing, or account takeover).
- Tune and optimize SIEM correlation rules and ingestion pipelines to reduce false positives and improve detection fidelity.
- Leverage threat intelligence platforms to analyze emerging financial-specific threats, correlate intelligence with internal data, and develop actionable insights to enhance detection and prevention strategies.
- Alert triage: investigate and triage security alerts, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.
- Incident handling: lead and support incident response activities, including containment, eradication, and recovery, for security incidents spanning the MITRE framework.
- Forensic analysis: perform investigations to determine the root cause of incidents, and document findings for audits and legal purposes.
- Playbook development: create and maintain incident response playbooks for rapid and consistent response processes.
- Post-incident review: conduct reviews to identify lessons learned, recommend improvements, and update security controls to prevent recurrence.
- Coordinate with MSSP partners in a co-managed SIEM/SOC model to validate escalations and provide tuning feedback.

Tool Administration and Management of SOC Solutions

- Manage and configure security tools, including SIEM, EDR, firewalls, and vulnerability scanners, to ensure optimal performance and coverage.
- Develop and tune detection rules, signatures, and alerts to reduce false positives and improve detection accuracy in financial environments.
- Implement automation for alert enrichment, incident triage, or vulnerability scans using scripting (e.g., Python, PowerShell).
- Monitor and secure cloud environments (e.g., AWS, Azure, Google Cloud, Oracle Cloud) using native security tools and third-party integrations.
- Collaborate with cybersecurity architecture & engineering teams to ensure proper integration of security tools across cloud, network, and endpoint environments.
- Partner with vulnerability management and IAM teams to ensure holistic security coverage.

Collaboration, Automation, and Innovation Activities

- Cross-functional collaboration with IT Infrastructure, IT Applications, DevOps, IAM, DLP, and Application Security teams to integrate security operations with broader cybersecurity initiatives.
- Vulnerability management: collaborate to conduct regular vulnerability scans and support remediation plans.

Documentation, Reporting, and Compliance Activities

- Document security incidents, investigations, and remediation actions to support audits and lessons learned.
- Produce vulnerability and penetration test reports with risk assessments and remediation plans.
- Develop and report SOC metrics (e.g., Mean Time to Detect, Mean Time to Respond, vulnerability remediation rates) to demonstrate effectiveness.
- Maintain SOC runbooks, SOPs, and knowledge bases for incident response, vulnerability management, and penetration testing.

Qualifications

- Minimum 5-7 years of progressive cybersecurity experience with proven knowledge in SOC practices and incident response; 3+ years in financial services with understanding of financial threats and regulations (e.g., PCI DSS, GDPR, Korean SOX).
- Hands-on experience with SIEM platforms, EDR solutions, and other monitoring and vulnerability management tools (e.g., Splunk, CrowdStrike, Rapid7).
- Strong understanding of cyber threat landscapes, the MITRE ATT&CK framework, and attacker techniques.
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Certification in CISSP, CCSP, CISM, TOGAF, or equivalent.
- Experience managing major incident investigations, including root cause analysis and executive reporting, with coordination with legal and compliance when necessary.
- Familiarity with regulatory and compliance frameworks such as HIPAA, PCI-DSS, NIST, ISO 27001, and GDPR.
- Ability to develop and maintain incident response playbooks, escalation procedures, and SOC SOPs.
- Experience with cybersecurity metrics and KPIs and communicating risk to executive leadership.
- Demonstrated expertise in the incident response lifecycle and post-incident reviews.
- Analytical mindset, attention to detail, strong communication and documentation skills.
- Ability to work under pressure and manage multiple incidents simultaneously.
- Continual learning mindset to stay ahead of threats.

Employees in this class are subject to extended periods of sitting, standing, and walking, vision to monitor, and moderate noise levels. Work is performed in a home and office environment.

This notice applies to California residents. The latest version of our Privacy Policy can be found here. If you have questions about CCPA, contact the Privacy Team at Privacy2@hcs.com.
