Security Operations and Incident Response Manager jobs in United States

Hyundai Capital Canada · 1 month ago

Security Operations and Incident Response Manager

Hyundai Capital America is a financial services company offering a range of products for Hyundai, Genesis, and Kia customers. The Security Operations & Incident Response Manager is responsible for overseeing the incident response function within the Security Operations Center, ensuring rapid detection and remediation of cybersecurity threats while maintaining the integrity and confidentiality of digital assets.

Automotive, Finance, Financial Services

Responsibilities

Monitor and analyze security events in real-time using SIEM platforms (e.g., Splunk, NGSIEM etc.) to detect and respond to threats targeting financial systems, such as ransomware, phishing, or account takeover
Tune and optimize SIEM correlation rules and ingestion pipelines to reduce false positives and improve detection fidelity
Leverage threat intelligence platforms to analyze emerging financial-specific threats, correlate intelligence with internal data, and develop actionable insights to enhance detection and prevention strategies
Investigate and triage security alerts, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents
Lead and support incident response activities, including containment, eradication, and recovery, for security incidents spanning the MITRE framework
Perform forensic investigations to determine the root cause of incidents, and document findings for audits and legal purposes
Create and maintain incident response playbooks, ensuring rapid and consistent response processes
Conduct post-incident reviews to identify lessons learned, recommend improvements, and update security controls to prevent recurrence
Coordinate with MSSP partners in a co-managed SIEM/SOC model to validate escalations and provide tuning feedback
Manage and configure security tools, including SIEM, EDR, firewalls, and vulnerability scanners, to ensure optimal performance and coverage
Develop and tune detection rules, signatures, and alerts to reduce false positives and improve detection accuracy in financial environments
Implement automated responses (e.g., SOAR) and scripts (e.g., Python, PowerShell) to streamline tasks like alert enrichment, incident triage, or vulnerability scans
Monitor and secure cloud environments (e.g., AWS, Azure, Google Cloud, Oracle Cloud) using native security tools and third-party integrations, protecting financial data and workloads
Collaborate with cybersecurity architecture & engineering team to ensure proper integration of security tools across cloud, network, and endpoint environments
Partner with vulnerability management and IAM teams to ensure holistic security coverage
Partner with IT Infrastructure and IT Application Teams, DevOps, IAM, DLP, and Application Security teams to integrate security operations with broader cybersecurity initiatives, such as cloud migrations or fintech development
Collaborate with the Vulnerability Management team to conduct regular vulnerability scans across networks, systems, and applications to identify weaknesses, such as unpatched software or misconfigurations, and support patch management and/or an adequate remediation plan
Document security incidents, investigations, and remediation actions in detail to support audits, compliance, and lessons learned
Produce comprehensive reports on vulnerability scans and penetration tests, including risk assessments, remediation plans, and validation results
Develop and report on SOC metrics (e.g., Mean Time to Detect, Mean Time to Respond, vulnerability remediation rates, penetration test coverage) to demonstrate operational effectiveness
Maintain and update SOC runbooks, standard operating procedures (SOPs), and knowledge bases for incident response, vulnerability management, and penetration testing

Qualification

SIEM platforms, Incident response, Cybersecurity metrics, Financial services experience, EDR solutions, Vulnerability management tools, Cyber threat landscapes, Regulatory frameworks, Analytical mindset, Communication, Attention to detail, Work under pressure, Continuous learning

Required

Minimum 5-7 years of progressive experience in cybersecurity with proven knowledge of Security Operations Center practices and incident response processes, including 3+ years of experience in financial services, with a strong understanding of financial threats (e.g., fraud, data breaches) and regulations (e.g., PCI DSS, Korean SOX, GDPR)
Hands-on experience with SIEM platforms, EDR solutions, and other monitoring and vulnerability management tools (e.g., Splunk, CrowdStrike, Rapid7)
Strong understanding of cyber threat landscapes, attack vectors, MITRE ATT&CK framework, and adversary tactics, techniques, and procedures
Bachelor's degree in Computer Science, Information Security, or related field
Certification in one of the following: CISSP, CCSP, CISM, TOGAF or equivalent
Demonstrated ability to manage major incident investigations, including root cause analysis, executive reporting, and coordination with legal, compliance, and law enforcement when necessary
Familiarity with regulatory and compliance frameworks such as HIPAA, PCI-DSS, NIST, ISO 27001, and GDPR
Proven ability to develop and maintain incident response playbooks, escalation procedures, and SOC standard operating procedures (SOPs)
Experience with cybersecurity metrics and KPIs, and the ability to communicate risk and operational performance to executive leadership
Demonstrated expertise in incident response lifecycle, including detection, triage, containment, eradication, recovery, and post-incident review
Analytical mindset with attention to detail
Excellent communication and documentation skills
Ability to work under pressure and manage multiple incidents simultaneously
Passion for continuous learning and staying ahead of emerging threats

Preferred

Master's degree preferred

Benefits

Medical, Dental and Vision plans that include no-cost and low-cost plan options
Immediate 401(k) matching and vesting
Vehicle purchase and lease discounts plus monthly vehicle allowances
Paid Volunteer Time Off with company donation to a charity of your choice
Tuition reimbursement

Company

Hyundai Capital Canada

Hyundai Capital Canada provides auto finance and private finance services.

Funding

Current Stage
Growth Stage
Company data provided by crunchbase