Sr. Security Operations Engineer

Job Location: Plano, TX - USA

Monthly Salary: Not Disclosed

Vacancy: 1

Job Description

What You Will Bring

Minimum 8 years of progressive experience in cybersecurity, with proven knowledge in a security operations or SOC role focused on threat detection, incident response, vulnerability management, or penetration testing.

2 years of experience in financial services, with a strong understanding of financial threats (e.g. fraud, data breaches) and regulations (e.g. PCI DSS, Korean SOX, GDPR).

Hands-on experience managing SIEM, EDR, IDS/IPS, vulnerability scanners (e.g. Rapid7), and penetration testing tools.

Proven track record of responding to security incidents, conducting vulnerability management, analyzing threat intelligence, and delivering penetration testing outcomes.

Experience integrating with IAM (e.g. SailPoint, CyberArk) and DLP (e.g. Symantec DLP, Microsoft Purview) systems.

Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, Information Technology, or a related field. Master's degree preferred.

At least one of the following: CISSP, GCIH, GCIA, CEH, OSCP, or equivalent. Certifications in vulnerability management (e.g. GIAC GMON) or penetration testing (e.g. GPEN, GWAPT) are a plus.

Knowledge of security frameworks such as NIST, ISO 27001, and COBIT.

Technical Skills:

Technical expert with deep experience in security operations, vulnerability management, threat analysis, penetration testing, and financial services.

Expertise in SIEM platforms (e.g. Splunk), EDR tools (e.g. CrowdStrike), and vulnerability scanners (e.g. Rapid7).

Proficiency in penetration testing tools and methodologies (e.g. PTES, OSSTMM).

Strong knowledge of threat intelligence analysis, incident response processes, and forensic analysis.

Experience with automation and scripting (e.g. Python, PowerShell, Bash) for security operations, vulnerability management, and penetration testing tasks.

Familiarity with IAM and DLP systems for monitoring and incident response.

Knowledge of financial systems (e.g. core banking platforms, payment gateways) and their security requirements.

Soft Skills:

Strong analytical skills to investigate incidents, assess vulnerabilities, and analyze threats.

Excellent communication skills to document findings, produce reports, and collaborate with cross-functional teams.

Ability to work under pressure in a fast-paced, high-stakes environment.

Preferred:

Experience with AI-driven security tools (e.g. ReliaQuest GreyMatter) for threat detection and response.

Familiarity with SOAR platforms (e.g. Splunk SOAR, Palo Alto Cortex XSOAR) for incident response automation.

Knowledge of financial fraud prevention techniques (e.g. transaction monitoring, anti-money laundering).

Experience working with MSSPs for SOC operations support.

Understanding of emerging threats such as supply chain attacks, cloud-native exploits, or advanced persistent threats (APTs).

Work Environment

Employees in this class are subject to extended periods of sitting, standing, and walking, vision to monitor, and moderate noise levels. Work is performed in an office environment.

The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.

California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice at or before the point of collection about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA).

If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at .

Who We Are

Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay, as an employee of HCA you are eligible for the following benefits:

Medical, Dental, and Vision plans that include no-cost and low-cost plan options

Immediate 401(k) matching and vesting

Vehicle purchase and lease discounts, plus monthly vehicle allowances

Paid Volunteer Time Off with company donation to a charity of your choice

Tuition reimbursement

What to Expect

The Sr. Security Operations Engineer is responsible for monitoring, detecting, analyzing, and responding to cyber threats within the organization's Security Operations Center (SOC), with a focus on securing financial systems and data. This role will collaborate with vulnerability management, threat intelligence analysis, and penetration testing specialists to enhance the organization's security posture. Reporting to the Senior Manager of Security Operations, this role will manage security tools, lead incident response, perform penetration testing, and collaborate with cross-functional teams to mitigate risks. This role integrates with Identity and Access Management (IAM), Data Loss Prevention (DLP), and other cybersecurity functions, ensuring compliance with financial regulations (e.g. PCI DSS, GDPR, SOX, FFIEC).

What You Will Do

1. Security Monitoring and Threat Detection:

SOC Operations: Monitor and analyze security events in real time using SIEM platforms (e.g. Splunk) to detect and respond to threats targeting financial systems, such as ransomware, phishing, or account takeover.

Threat Intelligence Analysis: Leverage threat intelligence platforms to analyze emerging financial-specific threats, correlate intelligence with internal data, and develop actionable insights to enhance detection and prevention strategies.

Alert Triage: Investigate and triage security alerts, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.

Behavioral Analysis: Utilize user and entity behavior analytics (UEBA) to detect anomalies, such as insider threats or compromised accounts, in financial applications.

2. Incident Response and Remediation:

Incident Handling: Lead and support incident response activities, including containment, eradication, and recovery, for security incidents like data breaches, malware infections, or API exploits.

Forensic Analysis: Perform forensic investigations to determine the root cause of incidents and document findings for audits and legal purposes.

Playbook Development: Create and maintain incident response playbooks tailored to financial threats, ensuring rapid and consistent response processes.

Post-Incident Review: Conduct post-incident reviews to identify lessons learned, recommend improvements, and update security controls to prevent recurrence.

3. Security Tool Management and Optimization:

Tool Administration: Manage and configure security tools, including SIEM, EDR (e.g. CrowdStrike), IDS/IPS (e.g. Palo Alto), firewalls, and vulnerability scanners, to ensure optimal performance and coverage.

Rule Tuning: Develop and tune detection rules, signatures, and alerts to reduce false positives and improve detection accuracy in financial environments.

Automation: Implement automation scripts (e.g. Python, PowerShell, Bash) and SOAR platforms (e.g. Splunk SOAR, Palo Alto Cortex XSOAR) to streamline tasks like alert enrichment, incident triage, or vulnerability scans.

Cloud Security Monitoring: Monitor and secure cloud environments (e.g. AWS, Azure, Google Cloud, Oracle Cloud) using native security tools and third-party integrations, protecting financial data and workloads.

4. Integration with IAM and DLP:

IAM Support: Collaborate with the IAM team to monitor and respond to access-related incidents, such as unauthorized access or privilege escalation, integrating with tools like SailPoint or CyberArk.

DLP Monitoring: Work with the DLP team to investigate data loss incidents, leveraging DLP tools (e.g. Symantec DLP, Microsoft Purview) to detect and prevent unauthorized data exfiltration.

Zero-Trust Enforcement: Support zero-trust initiatives by monitoring access patterns and enforcing least-privilege principles in financial applications and systems.

5. Threat Intelligence Analysis:

Threat Research: Perform in-depth analysis of threat intelligence feeds, dark web sources, and industry reports to identify threats relevant to financial services, such as zero-day exploits or targeted campaigns.

Threat Hunting: Conduct proactive threat hunting to uncover hidden or undetected threats in financial systems using SIEM, EDR, and network traffic analysis tools.

Intelligence Integration: Develop and refine detection rules, indicators of compromise (IOCs), and threat signatures based on intelligence analysis to improve SOC effectiveness.

Threat Briefings: Deliver regular threat intelligence briefings to SOC team leadership and stakeholders, translating complex threat data into actionable recommendations.

6. Penetration Testing Deliverables:

Penetration Testing: Plan and execute penetration tests on financial systems, applications, and networks to identify exploitable vulnerabilities, simulating real-world attacks (e.g. privilege escalation, data exfiltration).

Test Scoping and Execution: Define penetration testing scope, methodologies, and rules of engagement while ensuring compliance with financial regulations.

Deliverable Production: Produce detailed penetration testing reports, including findings, exploit paths, risk ratings, and remediation recommendations, tailored for technical and executive audiences.

Remediation Validation: Collaborate with IT and development teams to validate remediation of identified vulnerabilities, retesting to confirm fixes and reduce risk exposure.

7. Collaboration and Training:

Cross-Functional Collaboration: Partner with IT Infrastructure and IT Application teams, DevOps, IAM, DLP, and Application Security teams to integrate security operations with broader cybersecurity initiatives, such as cloud migrations or fintech development.

Threat Hunting and Penetration Testing Coordination: Collaborate with threat intelligence and penetration testing teams to align hunting and testing efforts with SOC priorities.

Training and Mentoring: Mentor junior SOC analysts and engineers, providing guidance on threat detection, incident response, vulnerability management, and penetration testing.

Security Awareness: Contribute to security awareness programs, educating employees on financial-specific threats like phishing, social engineering, or unpatched vulnerabilities.

Vulnerability Management: Collaborate with the Vulnerability Management team to conduct regular vulnerability scans across networks, systems, and applications to identify weaknesses such as unpatched software or misconfigurations, and support patch management and/or an adequate remediation plan.

8. Documentation and Reporting:

Incident Documentation: Document security incidents, investigations, and remediation actions in detail to support audits, compliance, and lessons learned.

Vulnerability and Penetration Test Reports: Produce comprehensive reports on vulnerability scans and penetration tests, including risk assessments, remediation plans, and validation results.

Metrics and Reporting: Develop and report on SOC metrics (e.g. Mean Time to Detect, Mean Time to Respond, vulnerability remediation rates, penetration test coverage) to demonstrate operational effectiveness.

Runbooks and Procedures: Maintain and update SOC runbooks, standard operating procedures (SOPs), and knowledge bases for incident response, vulnerability management, and penetration testing.

Required Experience:

Senior IC

Employment Type

Full-Time
