Sr. Security Operations Engineer

Company:
hyundaicapital.com
Location:
Plano, TX
Posted:
May 16, 2025
Description:

Who We Are

Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:

· Medical, Dental and Vision plans that include no-cost and low-cost plan options

· Immediate 401(k) matching and vesting

· Vehicle purchase and lease discounts plus monthly vehicle allowances

· Paid Volunteer Time Off with company donation to a charity of your choice

· Tuition reimbursement

What to Expect

The Sr. Security Operations Engineer is responsible for monitoring, detecting, analyzing, and responding to cyber threats within the organization’s Security Operations Center (SOC), with a focus on securing financial systems and data. This role will collaborate with vulnerability management, threat intelligence analysis, and penetration testing specialists to enhance the organization’s security posture. Reporting to the Senior Manager of Security Operations, this role will manage security tools, lead incident response, perform penetration testing, and collaborate with cross-functional teams to mitigate risks. This role integrates with Identity and Access Management (IAM), Data Loss Prevention (DLP), and other cybersecurity functions, ensuring compliance with financial regulations (e.g., PCI DSS, GDPR, SOX, FFIEC).

What You Will Do

1. Security Monitoring and Threat Detection:

· SOC Operations: Monitor and analyze security events in real time using SIEM platforms (e.g., Splunk) to detect and respond to threats targeting financial systems, such as ransomware, phishing, or account takeover.

· Threat Intelligence Analysis: Leverage threat intelligence platforms to analyze emerging financial-specific threats, correlate intelligence with internal data, and develop actionable insights to enhance detection and prevention strategies.

· Alert Triage: Investigate and triage security alerts, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.

· Behavioral Analysis: Utilize user and entity behavior analytics (UEBA) to detect anomalies, such as insider threats or compromised accounts, in financial applications.

2. Incident Response and Remediation:

· Incident Handling: Lead and support incident response activities, including containment, eradication, and recovery, for security incidents like data breaches, malware infections, or API exploits.

· Forensic Analysis: Perform forensic investigations to determine the root cause of incidents, and document findings for audits and legal purposes.

· Playbook Development: Create and maintain incident response playbooks tailored to financial threats, ensuring rapid and consistent response processes.

· Post-Incident Review: Conduct post-incident reviews to identify lessons learned, recommend improvements, and update security controls to prevent recurrence.

3. Security Tool Management and Optimization:

· Tool Administration: Manage and configure security tools, including SIEM, EDR (e.g., CrowdStrike), IDS/IPS (e.g., Palo Alto), firewalls, and vulnerability scanners, to ensure optimal performance and coverage.

· Rule Tuning: Develop and tune detection rules, signatures, and alerts to reduce false positives and improve detection accuracy in financial environments.

· Automation: Implement automation scripts (e.g., Python, PowerShell, Bash) and SOAR platforms (e.g., Splunk SOAR, Palo Alto Cortex XSOAR) to streamline tasks like alert enrichment, incident triage, or vulnerability scans.

· Cloud Security Monitoring: Monitor and secure cloud environments (e.g., AWS, Azure, Google Cloud, Oracle Cloud) using native security tools and third-party integrations, protecting financial data and workloads.

4. Integration with IAM and DLP:

· IAM Support: Collaborate with the IAM team to monitor and respond to access-related incidents, such as unauthorized access or privilege escalation, integrating with tools like SailPoint or CyberArk.

· DLP Monitoring: Work with the DLP team to investigate data loss incidents, leveraging DLP tools (e.g., Symantec DLP, Microsoft Purview) to detect and prevent unauthorized data exfiltration.

· Zero-Trust Enforcement: Support zero-trust initiatives by monitoring access patterns and enforcing least privilege principles in financial applications and systems.

5. Intelligence Threat Analysis:

· Threat Research: Perform in-depth analysis of threat intelligence feeds, dark web sources, and industry reports to identify threats relevant to financial services, such as zero-day exploits or targeted campaigns.

· Threat Hunting: Conduct proactive threat hunting to uncover hidden or undetected threats in financial systems, using SIEM, EDR, and network traffic analysis tools.

· Intelligence Integration: Develop and refine detection rules, indicators of compromise (IOCs), and threat signatures based on intelligence analysis to improve SOC effectiveness.

· Threat Briefings: Deliver regular threat intelligence briefings to the SOC team, leadership, and stakeholders, translating complex threat data into actionable recommendations.

6. Penetration Testing Deliverables:

· Penetration Testing: Plan and execute penetration tests on financial systems, applications, and networks to identify exploitable vulnerabilities, simulating real-world attacks (e.g., privilege escalation, data exfiltration).

· Test Scoping and Execution: Define penetration testing scope, methodologies, and rules of engagement, while ensuring compliance with financial regulations.

· Deliverable Production: Produce detailed penetration testing reports, including findings, exploit paths, risk ratings, and remediation recommendations, tailored for technical and executive audiences.

· Remediation Validation: Collaborate with IT and development teams to validate remediation of identified vulnerabilities, retesting to confirm fixes and reduce risk exposure.

7. Collaboration and Training:

· Cross-Functional Collaboration: Partner with IT Infrastructure and IT Application Teams, DevOps, IAM, DLP, and Application Security teams to integrate security operations with broader cybersecurity initiatives, such as cloud migrations or fintech development.

· Threat Hunting and Penetration Testing Coordination: Collaborate with threat intelligence and penetration testing teams to align hunting and testing efforts with SOC priorities.

· Training and Mentoring: Mentor junior SOC analysts and engineers, providing guidance on threat detection, incident response, vulnerability management, and penetration testing.

· Security Awareness: Contribute to security awareness programs, educating employees on financial-specific threats like phishing, social engineering, or unpatched vulnerabilities.

· Vulnerability Management: Collaborate with the Vulnerability Management team to conduct regular vulnerability scans across networks, systems, and applications to identify weaknesses such as unpatched software or misconfigurations, and support patch management and/or an adequate remediation plan.

8. Documentation and Reporting:

· Incident Documentation: Document security incidents, investigations, and remediation actions in detail to support audits, compliance, and lessons learned.

· Vulnerability and Penetration Test Reports: Produce comprehensive reports on vulnerability scans and penetration tests, including risk assessments, remediation plans, and validation results.

· Metrics and Reporting: Develop and report on SOC metrics (e.g., Mean Time to Detect, Mean Time to Respond, vulnerability remediation rates, penetration test coverage) to demonstrate operational effectiveness.

· Runbooks and Procedures: Maintain and update SOC runbooks, standard operating procedures (SOPs), and knowledge bases for incident response, vulnerability management, and penetration testing.

What You Will Bring

· Minimum 8 years of progressive experience in cybersecurity, with proven knowledge in a security operations or SOC role focused on threat detection, incident response, vulnerability management, or penetration testing.

· 2+ years of experience in financial services, with a strong understanding of financial threats (e.g., fraud, data breaches) and regulations (e.g., PCI DSS, Korean SOX, GDPR).

· Hands-on experience managing SIEM, EDR, IDS/IPS, vulnerability scanners (e.g., Rapid7), and penetration testing tools.

· Proven track record of responding to security incidents, conducting vulnerability management, analyzing threat intelligence, and delivering penetration testing outcomes.

· Experience integrating with IAM (e.g., SailPoint, CyberArk) and DLP (e.g., Symantec DLP, Microsoft Purview) systems.

· Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, Information Technology or a related field. Master’s degree preferred.

· At least one of the following: CISSP, GCIH, GCIA, CEH, OSCP, or equivalent. Certifications in vulnerability management (e.g., GIAC GMON) or penetration testing (e.g., GPEN, GWAPT) are a plus.

· Knowledge of security frameworks such as NIST, ISO 27001, and COBIT.

Technical Skills:

· Technical expert with deep experience in security operations, vulnerability management, threat analysis, penetration testing, and financial services.

· Expertise in SIEM platforms (e.g., Splunk), EDR tools (e.g., CrowdStrike), and vulnerability scanners (e.g., Rapid7).

· Proficiency in penetration testing tools and methodologies (e.g., PTES, OSSTMM).

· Strong knowledge of threat intelligence analysis, incident response processes, and forensic analysis.

· Experience with automation and scripting (e.g., Python, PowerShell, Bash) for security operations, vulnerability management, and penetration testing tasks.

· Familiarity with IAM and DLP systems for monitoring and incident response.

· Knowledge of financial systems (e.g., core banking platforms, payment gateways) and their security requirements.

Soft Skills:

· Strong analytical skills to investigate incidents, assess vulnerabilities, and analyze threats.

· Excellent communication skills to document findings, produce reports, and collaborate with cross-functional teams.

· Ability to work under pressure in a fast-paced, high-stakes environment.

Preferred:

· Experience with AI-driven security tools (e.g., ReliaQuest GreyMatter) for threat detection and response.

· Familiarity with SOAR platforms (e.g., Splunk SOAR, Palo Alto Cortex XSOAR) for incident response automation.

· Knowledge of financial fraud prevention techniques (e.g., transaction monitoring, anti-money laundering).

· Experience working with MSSPs for SOC operations support.

· Understanding of emerging threats, such as supply chain attacks, cloud-native exploits, or advanced persistent threats (APTs).

Work Environment

Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.

The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.

California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”).

If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at .

Schedule: Full-time