Kia America · 4 weeks ago
Sr. Incident Response Manager
Kia America is redefining what value means in the automotive industry and is seeking a Senior Incident Response Manager to lead their incident response operations. The role involves strategic leadership for detecting and responding to cyber threats, overseeing incident response activities, and enhancing security capabilities across various environments.
Responsibilities
Lead incident response across KUS and affiliates (triage, containment, eradication, recovery, communication)
Coordinate internal/external stakeholders and ensure timely executive reporting
Design, implement, and tune detections mapped to MITRE ATT&CK framework across the following platforms:
Security Information and Event Management (SIEM) - e.g., Microsoft Sentinel
Security Orchestration, Automation, and Response (SOAR) - e.g., Splunk ES
Extended Detection and Response (XDR) - e.g., Microsoft 365 Defender
Email Security - e.g., Microsoft EOP/Mimecast
Network sensors
Develop IR runbooks/playbooks, automate with SOAR, run tabletop and purple-team exercises, coordinate vulnerability remediation with IT partner, and maintain metrics/KPI for continuous improvement
Maintain proactive vulnerability and exposure management, including: enterprise scanning (on-premises, cloud, and container environments); attack surface management (ASM); configuration baselines such as Center for Internet Security (CIS) Benchmarks; patch and change governance with IT partner; measurement and reporting, such as Common Vulnerability Scoring System (CVSS) / Exploit Prediction Scoring System (EPSS); and preventive controls and system hardening
Drive phishing and Business Email Compromise (BEC) takedown efforts; domain abuse monitoring through email authentication protocols including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance); strengthen identity protection measures; and harden high-risk workflows including Finance and HR
Acquire and preserve digital evidence; perform host, network, and cloud forensics; analyze malware artifacts; determine root cause; and document findings and lessons learned through comprehensive incident reports
Qualification
Required
Bachelor's degree in Computer Science, Information Technology, or a related field required
5-7 years of cybersecurity experience in organizations with mature security processes, including 5-7 years of hands-on technical work and 2-4 years specializing in enterprise-scale incident response and blue team operations
In-depth knowledge and practical experience with various IT and security systems
Familiar with security related regulations and compliance requirements
Experience in policy development and implementation
Strong understanding of security frameworks and standards (e.g., NIST, ISO, CIS)
Strong understanding of network security, applications, cloud, and infrastructure
20% of domestic or international travel
Job demands may include confidentiality, problem solving, reasoning skills, oral communication, written communication, and the ability to communicate effectively with executive as well as technical audiences
Must be able to maintain focus and attention to detail in a fast-paced environment
Ability to analyze information and make sound decisions under time constraints
Problem-solving skills and the ability to work independently
Must be able to respond to challenges with poise and agility
Ability to handle competing priorities effectively and with composure
Must be able to calmly and confidently lead multiple cross-disciplined teams during stressful situations
Practical expertise with SIEM/XDR/SOAR (e.g., Microsoft Sentinel, Microsoft 365 Defender suite, Splunk ES), EDR (e.g., Defender for Endpoint, SentinelOne), email security (e.g., Mimecast), and infrastructure/network vulnerability scanning tools (e.g., Rapid7, Qualys, Nessus, Nmap, and Wireshark)
Strong understanding of authentication and email security (SPF/DKIM/DMARC), identity protection (MFA/Conditional Access), and log sources across Windows, O365, Azure, and common SaaS
Preferred
Master's degree preferred
Benefits
Premium paid medical, dental and vision coverage for you and your dependents
401(k) plan matching of 100% up to 6% of the salary deferral
Paid time off
Company lease and purchase programs
Company-wide holiday shutdown
Paid volunteer hours
Premium lifestyle amenities at our corporate campus in Irvine, California
Company
Kia America
Kia America is headquartered in Irvine, California and is a subsidiary of Kia Corporation.
Funding
Current Stage
Late Stage