Hyundai Capital
Security Operations and Incident Response Manager
Hyundai Capital, Irvine, California, United States, 92713
Overview
Security Operations & Incident Response Manager - (250000JZ)

Hyundai Capital America offers a wide range of financial products through its service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Hyundai Capital America is an Equal Opportunity Employer committed to a diverse and inclusive culture, with a focus on skill development and career advancement.

We Take Care of Our People
- Medical, Dental and Vision plans with no-cost and low-cost options
- Immediate 401(k) matching and vesting
- Vehicle purchase and lease discounts plus monthly vehicle allowances
- Paid Volunteer Time Off with company donation to a charity of your choice

What to Expect
The Security Operations & Incident Response (SOIR) Manager is responsible for the enterprise-wide incident response function within the Security Operations Center (SOC), ensuring rapid detection, containment, and remediation of cybersecurity threats. This role oversees third-party incident responders and collaborates with threat intelligence, vulnerability management, and engineering teams to drive continuous improvement in detection and response capabilities. The role also creates and maintains incident response playbooks and establishes processes for proactive threat hunting, as well as administration and day-to-day support of HCA EDR, SIEM, and other monitoring and remediation tools.

What You Will Do

Security Monitoring & Threat Detection:
- Monitor and analyze security events in real time using SIEM platforms to detect and respond to threats targeting financial systems (e.g., ransomware, phishing, account takeover).
- Tune and optimize SIEM correlation rules and ingestion pipelines to reduce false positives and improve detection fidelity.
- Leverage threat intelligence platforms to analyze emerging financial-specific threats and develop actionable insights.
- Alert Triage: Investigate and triage security alerts, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.
- Incident Handling: Lead and support incident response activities across the MITRE framework.
- Forensic Analysis: Perform forensic investigations to determine root cause and document findings for audits and legal purposes.
- Playbook Development: Create and maintain incident response playbooks for rapid and consistent responses.
- Post-Incident Review: Conduct reviews to identify lessons learned and update security controls to prevent recurrence.
- Coordinate with MSSP partners in a co-managed SIEM/SOC model for escalation validation and tuning feedback.

Tool Administration and Management of SOC Solutions:
- Tool Administration: Manage and configure security tools (SIEM, EDR, firewalls, vulnerability scanners) for optimal performance.
- Rule Tuning: Develop and tune detection rules, signatures, and alerts to reduce false positives.
- Automation: Implement automated responses (e.g., scripts) to streamline tasks such as alert enrichment and incident triage.
- Cloud Security Monitoring: Monitor and secure cloud environments (AWS, Azure, Google Cloud, Oracle Cloud) using native tools and third-party integrations.
- Collaborate with cybersecurity architecture & engineering to ensure proper tool integration across cloud, network, and endpoint environments.
- Partner with vulnerability management and IAM teams to ensure holistic security coverage.

Collaboration, Automation, and Innovation Activities:
- Cross-Functional Collaboration with IT Infrastructure, IT Applications, DevOps, IAM, DLP, and Application Security teams.
- Vulnerability Management: Conduct regular vulnerability scans and support remediation plans.

Documentation, Reporting, and Compliance Activities:
- Incident Documentation: Document security incidents, investigations, and remediation actions for audits and lessons learned.
- Vulnerability and Penetration Test Reports: Produce reports including risk assessments and remediation plans.
- Metrics and Reporting: Develop and report SOC metrics (e.g., MTTD, MTTR, remediation rates) to demonstrate effectiveness.
- Runbooks and Procedures: Maintain SOC runbooks, SOPs, and knowledge bases for incident response and vulnerability management.

Qualifications

What You Will Bring
- Minimum 5-7 years of progressive cybersecurity experience with proven SOC and incident response expertise; 3+ years in financial services with knowledge of financial threats and regulations (e.g., PCI DSS, Korean SOX, GDPR)
- Hands-on experience with SIEM, EDR, and other monitoring and vulnerability tools (e.g., Splunk, CrowdStrike, Rapid7)
- Strong understanding of cyber threat landscapes, the MITRE ATT&CK framework, and adversary tactics
- Bachelor’s degree in Computer Science, Information Security, or a related field
- Certification such as CISSP, CCSP, CISM, TOGAF or equivalent
- Ability to manage major incident investigations, including root cause analysis and coordination with legal, compliance, and law enforcement when necessary
- Familiarity with regulatory frameworks such as HIPAA, PCI-DSS, NIST, ISO 27001, GDPR
- Experience developing and maintaining incident response playbooks, escalation procedures, and SOC SOPs
- Experience with cybersecurity metrics and KPIs and communicating risk to executives
- Strong incident response lifecycle expertise: detection, triage, containment, eradication, recovery, and post-incident review
- Analytical mindset, attention to detail, and excellent communication and documentation skills
- Ability to work under pressure and manage multiple incidents
- Commitment to continuous learning and staying ahead of threats

Employees in this class may sit, stand, and move for extended periods; vision and noise levels may vary. Work is performed in home and office environments.

This notice applies to applicants in California.
The latest version of our Privacy Policy is available here. For questions about CCPA, contact Privacy Team at Privacy2@hcs.com.