IT Security Engineer

Date: Dec 23, 2024

Location: Irvine, California, US, 92606

Company: Kia America, Inc.

At Kia, we’re creating award-winning products and redefining what value means in the automotive industry. It takes a special group of individuals to do what we do, and we do it together. Our culture is fast-paced, collaborative, and innovative. Our people thrive on thinking differently and challenging the status quo. We are creating something special here, a culture of learning and opportunity, where you can help Kia achieve big things and most importantly, feel passionate and connected to your work every day.

Kia provides team members with competitive benefits including premium paid medical, dental and vision coverage for you and your dependents, 401(k) plan matching of 100% up to 6% of the salary deferral, and paid time off. Kia also offers company lease and purchase programs, company-wide holiday shutdown, paid volunteer hours, and premium lifestyle amenities at our corporate campus in Irvine, California.

Status

Exempt

Summary

Under the direction of Information Security management, the Cyber Security Architect is responsible for protecting Kia America (KUS) including subsidiaries from cyberattacks which can result in loss of sensitive data, harm to the company brand or disruption to business operations. This position will report to the Head of Information Security and be a key member of the Information Security team. 

This critical role will coordinate the information security reviews of company IT initiatives either directly or through IT service providers. This includes conducting security risk assessments, performing penetration tests, identifying threats and vulnerabilities, and presenting recommendations to address them. 

The Cyber Security Architect will take necessary actions and preventive measures, such as analyzing security system logs, to protect company information systems, including employee, dealer and consumer facing systems, from being compromised. This role will investigate the security vulnerabilities of company information systems and provide solutions and methods to remediate them. This role is also responsible for creating, updating, and testing the company’s incident response procedures for handling security events.  This includes conducting regular table-top exercises to continuously improve the effectiveness of these procedures and minimize the recovery time and business impact of an actual security event.  This role will work with internal and external parties to conduct forensic analysis to determine root causes and implement corrective and preventive plans.  

The Cyber Security Architect works closely with KUS business units and security service providers to develop optimal solutions for short-term and long-term enhancements of KUS’s security maturity. 

Major Responsibilities

1st Priority - 30%

Conduct testing to identify vulnerabilities on applications, infrastructure, and computer systems. Collaborate with the IT teams (both internal and external) to remediate or update security controls when necessary.

2nd Priority - 30%

Establish security incident response policies and procedures and conduct regular training. In the event of a security breach, lead the efforts to analyze the logs and investigate the details of the incident to take appropriate actions.  This includes taking the lead in coordinating the response to any cyber event.

3rd Priority - 30%

Collect data on current security systems for risk analysis and write regular status reports on findings. Design and implement internal threat monitoring scenarios using data analysis tools. Analyze and detect signs of data leakage and report to management if unauthorized activity is found.

4th Priority - 10%

Provide information security consulting services to key stakeholders across all business departments.

Education/Certification

  • Bachelor’s degree or comparative experience with emphasis on information security
  • Advanced degree and/or certification(s) in cyber security a plus
     

Overall Experience

  • 8+ years of experience in an organization with mature security processes
  • 3+ years of experience in conducting hands-on security penetration tests or  and vulnerability management.  Experience working on Red Teams to identify vulnerabilities with Internet facing business systems is preferred.
  • 3+ years of experience within information security incident response, cybersecurity, and/or IT risk management
  • Familiar with security related regulations and compliance requirements
  • Familiar with the information security auditing process and evidence collection

Other:

  • Must be proactive, self-motivated, and lead team to multiple concurrent solutions.

Directly Related Experience

-

Skills

Ability to assess systems support operations and lead process improvement.
Expert knowledge of penetration testing tools like BurpSuite, Kali Linux, Metasploit, John the Ripper, Nmap, Wireshark, OWASP ZAP, Aircrack-ng, Tenable Nessus, and others.
Ability to manage external vendors in the development and delivery of related products, programs, and services.
Able to demonstrate evidence recovery techniques, log data analytics, incident categories, IR event handling methodologies, intrusion detection systems, network protocol and packet analysis
Excellent customer service ability and strong verbal and written communication skills
Expert level knowledge and understanding of the attack chain, adversary tactics, techniques, and procedures, emerging threats and vulnerabilities.
Expert level knowledge of SIEM’s, how they work, how their value can be maximized and leveraged to mature monitoring and detection processes.
Requires high-level organizational, planning, analytical, and technical skills.
Solid understanding of application, database, authentication, and network security principles

Competencies

CHALLENGE - Solving Complex Problems
COLLABORATION - Building and Supporting Teams
CUSTOMER - Serving Customers
GLOBALITY - Showing Community and Social Responsibility
PEOPLE - Interacting with People at Different Levels

Pay Range

$125,000 - $150,000

Pay will be based on several variables that are unique to each candidate, including but not limited to, job-related skills, experience, relevant education or training, etc.

 

Equal Employment Opportunities

KUS provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex, including pregnancy and childbirth and related medical conditions, gender, gender identity, gender expression, age, legally protected physical disability or mental disability, legally protected medical condition, marital status, sexual orientation, family care or medical leave status, protected veteran or military status, genetic information or any other characteristic protected by applicable law.  KUS complies with applicable law governing non-discrimination in employment in every location in which KUS has offices.  The KUS EEO policy applies to all areas of employment, including recruitment, hiring, training, promotion, compensation, benefits, discipline, termination and all other privileges, terms and conditions of employment.

 

Disclaimer:  The above information on this job description has been designed to indicate the general nature and level of work performed by employees within this classification and for this position.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.


Nearest Major Market: Irvine California
Nearest Secondary Market: Los Angeles

Job Segment: Developer, Information Security, Linux, Database, Consulting, Technology