Kia Motors America
IT Security Engineer
Kia Motors America, Irvine, California, United States, 92713
At Kia, we’re creating award-winning products and redefining what value means in the automotive industry. It takes a special group of individuals to do what we do, and we do it together. Our culture is fast-paced, collaborative, and innovative. Our people thrive on thinking differently and challenging the status quo. We are creating something special here, a culture of learning and opportunity, where you can help Kia achieve big things and most importantly, feel passionate and connected to your work every day.Kia provides team members with competitive benefits including premium paid medical, dental and vision coverage for you and your dependents, 401(k) plan matching of 100% up to 6% of the salary deferral, and paid time off. Kia also offers company lease and purchase programs, company-wide holiday shutdown, paid volunteer hours, and premium lifestyle amenities at our corporate campus in Irvine, California.Summary
Under the direction of Information Security management, the Cyber Security Architect is responsible for protecting Kia America (KUS) including subsidiaries from cyberattacks which can result in loss of sensitive data, harm to the company brand or disruption to business operations. This position will report to the Head of Information Security and be a key member of the Information Security team.This critical role will coordinate the information security reviews of company IT initiatives either directly or through IT service providers. This includes conducting security risk assessments, performing penetration tests, identifying threats and vulnerabilities, and presenting recommendations to address them.The Cyber Security Architect will take necessary actions and preventive measures, such as analyzing security system logs, to protect company information systems, including employee, dealer and consumer facing systems, from being compromised. This role will investigate the security vulnerabilities of company information systems and provide solutions and methods to remediate them. This role is also responsible for creating, updating, and testing the company’s incident response procedures for handling security events. This includes conducting regular table-top exercises to continuously improve the effectiveness of these procedures and minimize the recovery time and business impact of an actual security event. This role will work with internal and external parties to conduct forensic analysis to determine root causes and implement corrective and preventive plans.The Cyber Security Architect works closely with KUS business units and security service providers to develop optimal solutions for short-term and long-term enhancements of KUS’s security maturity.Major Responsibilities
1st Priority - 30%
Conduct testing to identify vulnerabilities on applications, infrastructure, and computer systems. Collaborate with the IT teams (both internal and external) to remediate or update security controls when necessary.2nd Priority - 30%
Establish security incident response policies and procedures and conduct regular training. In the event of a security breach, lead the efforts to analyze the logs and investigate the details of the incident to take appropriate actions. This includes taking the lead in coordinating the response to any cyber event.3rd Priority - 30%
Collect data on current security systems for risk analysis and write regular status reports on findings. Design and implement internal threat monitoring scenarios using data analysis tools. Analyze and detect signs of data leakage and report to management if unauthorized activity is found.4th Priority - 10%
Provide information security consulting services to key stakeholders across all business departments.Education/Certification
Bachelor’s degree or comparative experience with emphasis on information securityAdvanced degree and/or certification(s) in cyber security a plusOverall Experience
8+ years of experience in an organization with mature security processes3+ years of experience in conducting hands-on security penetration tests or and vulnerability management. Experience working on Red Teams to identify vulnerabilities with Internet facing business systems is preferred.3+ years of experience within information security incident response, cybersecurity, and/or IT risk managementFamiliar with security related regulations and compliance requirementsFamiliar with the information security auditing process and evidence collectionOther:Must be proactive, self-motivated, and lead team to multiple concurrent solutions.Skills
Ability to assess systems support operations and lead process improvement.Expert knowledge of penetration testing tools like BurpSuite, Kali Linux, Metasploit, John the Ripper, Nmap, Wireshark, OWASP ZAP, Aircrack-ng, Tenable Nessus, and others.Ability to manage external vendors in the development and delivery of related products, programs, and services.Able to demonstrate evidence recovery techniques, log data analytics, incident categories, IR event handling methodologies, intrusion detection systems, network protocol and packet analysis.Excellent customer service ability and strong verbal and written communication skills.Expert level knowledge and understanding of the attack chain, adversary tactics, techniques, and procedures, emerging threats and vulnerabilities.Expert level knowledge of SIEM’s, how they work, how their value can be maximized and leveraged to mature monitoring and detection processes.Requires high-level organizational, planning, analytical, and technical skills.Solid understanding of application, database, authentication, and network security principles.Pay Range$125,000 - $150,000Pay will be based on several variables that are unique to each candidate, including but not limited to, job-related skills, experience, relevant education or training, etc.
#J-18808-Ljbffr
Under the direction of Information Security management, the Cyber Security Architect is responsible for protecting Kia America (KUS) including subsidiaries from cyberattacks which can result in loss of sensitive data, harm to the company brand or disruption to business operations. This position will report to the Head of Information Security and be a key member of the Information Security team.This critical role will coordinate the information security reviews of company IT initiatives either directly or through IT service providers. This includes conducting security risk assessments, performing penetration tests, identifying threats and vulnerabilities, and presenting recommendations to address them.The Cyber Security Architect will take necessary actions and preventive measures, such as analyzing security system logs, to protect company information systems, including employee, dealer and consumer facing systems, from being compromised. This role will investigate the security vulnerabilities of company information systems and provide solutions and methods to remediate them. This role is also responsible for creating, updating, and testing the company’s incident response procedures for handling security events. This includes conducting regular table-top exercises to continuously improve the effectiveness of these procedures and minimize the recovery time and business impact of an actual security event. This role will work with internal and external parties to conduct forensic analysis to determine root causes and implement corrective and preventive plans.The Cyber Security Architect works closely with KUS business units and security service providers to develop optimal solutions for short-term and long-term enhancements of KUS’s security maturity.Major Responsibilities
1st Priority - 30%
Conduct testing to identify vulnerabilities on applications, infrastructure, and computer systems. Collaborate with the IT teams (both internal and external) to remediate or update security controls when necessary.2nd Priority - 30%
Establish security incident response policies and procedures and conduct regular training. In the event of a security breach, lead the efforts to analyze the logs and investigate the details of the incident to take appropriate actions. This includes taking the lead in coordinating the response to any cyber event.3rd Priority - 30%
Collect data on current security systems for risk analysis and write regular status reports on findings. Design and implement internal threat monitoring scenarios using data analysis tools. Analyze and detect signs of data leakage and report to management if unauthorized activity is found.4th Priority - 10%
Provide information security consulting services to key stakeholders across all business departments.Education/Certification
Bachelor’s degree or comparative experience with emphasis on information securityAdvanced degree and/or certification(s) in cyber security a plusOverall Experience
8+ years of experience in an organization with mature security processes3+ years of experience in conducting hands-on security penetration tests or and vulnerability management. Experience working on Red Teams to identify vulnerabilities with Internet facing business systems is preferred.3+ years of experience within information security incident response, cybersecurity, and/or IT risk managementFamiliar with security related regulations and compliance requirementsFamiliar with the information security auditing process and evidence collectionOther:Must be proactive, self-motivated, and lead team to multiple concurrent solutions.Skills
Ability to assess systems support operations and lead process improvement.Expert knowledge of penetration testing tools like BurpSuite, Kali Linux, Metasploit, John the Ripper, Nmap, Wireshark, OWASP ZAP, Aircrack-ng, Tenable Nessus, and others.Ability to manage external vendors in the development and delivery of related products, programs, and services.Able to demonstrate evidence recovery techniques, log data analytics, incident categories, IR event handling methodologies, intrusion detection systems, network protocol and packet analysis.Excellent customer service ability and strong verbal and written communication skills.Expert level knowledge and understanding of the attack chain, adversary tactics, techniques, and procedures, emerging threats and vulnerabilities.Expert level knowledge of SIEM’s, how they work, how their value can be maximized and leveraged to mature monitoring and detection processes.Requires high-level organizational, planning, analytical, and technical skills.Solid understanding of application, database, authentication, and network security principles.Pay Range$125,000 - $150,000Pay will be based on several variables that are unique to each candidate, including but not limited to, job-related skills, experience, relevant education or training, etc.
#J-18808-Ljbffr