Who We Are
Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 3 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.
We Take Care of Our People
Along with competitive pay, as an employee of HCA you are eligible for:
Medical, dental, and vision plans with no-cost and low-cost options
Annual employer HSA contribution
401(k) matching and immediate vesting
Vehicle purchase and lease discounts, plus monthly vehicle allowances by job level:
o Associate / Sr. Associate: $350
o Manager / Sr. Manager: $600
o Director: $800
o Executive Director: $900
o VP or Above: $1000
100% employer-paid life and disability insurance
No-cost health and wellbeing programs, including a gym benefit
Six weeks of paid parental leave
Paid Volunteer Time Off, plus a company donation to a charity of your choice
What to Expect
The Cybersecurity Incident Responder is a hands-on technical role responsible for the enterprise-wide incident monitoring, threat detection, and incident response function within the Security Operations Center (SOC). This position is primarily focused on incident response and active security monitoring, serving as the escalation point for security alerts, triage, investigation, containment, and remediation activities while ensuring integrity, confidentiality, and availability of Hyundai Capital America's digital assets and infrastructure. This role operates in a co-managed SOC model, overseeing and directing third-party vendors of incident response resources, driving detection tuning, and maintaining incident response playbooks and procedures.
What You Will Do
Incident Response & Remediation:
Serve as a lead responder for cybersecurity incidents, correlating data from endpoints, networks, and cloud environments to identify true positives and escalate critical incidents.
Own the end-to-end incident lifecycle: identification, containment, eradication, recovery, and post-incident analysis.
Perform forensic analysis on endpoint, log, and cloud data to determine root cause, scope, and impact.
Develop, maintain, and execute incident response playbooks and runbooks to ensure consistent and repeatable response.
Coordinate and direct MSSP and third-party incident responders, validating escalation and ensuring response quality.
Maintain accurate incident records, investigation notes, and remediation documentation.
Produce incident metrics and SOC KPIs (MTTD, MTTR, alert volume, escalation quality).
Maintain incident response documentation, playbooks, and SOC procedures to support audits and regulatory requirements.
Lead post-incident reviews, documenting lessons learned and driving measurable improvements in detection and response.
Security Monitoring & Threat Detection:
Actively monitor, investigate, and validate security alerts across SIEM, EDR, email, identity, network, and cloud platforms.
Perform advanced alert triage and threat analysis, correlating telemetry across multiple data sources to distinguish true threats from noise.
Tune and optimize SIEM detections, analytics, and alerting logic and AI to improve signal quality and reduce false positives.
Leverage threat intelligence platforms to identify emerging financial sector threats and translate intelligence into actionable detection use cases.
SOC Tooling & Detection Enablement:
Develop and refine detection rules, signatures, and alert logic aligned to current threat activity.
Implement response automation and enrichment to accelerate triage and containment.
Partner with architecture and engineering teams to ensure log visibility and telemetry coverage.
Cross Functional Response & Security Integration:
Collaborate with IT Infrastructure, IAM, DLP, Application Security, and Cloud teams during active incidents.
Support vulnerability management activities related to active incidents, threat exposure, and detection gaps.
Provide incident-driven security input into cloud migrations, application launches, and infrastructure changes.
What You Will Bring
Minimum 5-7 years of progressive experience in cybersecurity, with proven knowledge of Security Operations Center practices and incident response processes.
Experience in financial services a plus.
Hands-on experience with SIEM platforms, EDR solutions, and other monitoring and vulnerability management tools (e.g., Splunk, CrowdStrike, Rapid7).
Strong understanding of cyber threat landscapes, attack vectors, the MITRE ATT&CK framework, and adversary tactics, techniques, and procedures.
Bachelor's degree in Computer Science, Information Security, or related field; or equivalent work experience.
Certification in one of the following: CySA+, GCIH, CompTIA Security+, GIAC GSOC, GCFA, MS SC-200, CCSP, CISM, Splunk Core Certified User, or equivalent.
Demonstrated hands-on experience in the incident response lifecycle, including detection, triage, containment, eradication, recovery, and post-incident review.
Demonstrated ability to manage major incident investigations, including root cause analysis, executive reporting, and coordination with legal, compliance, and law enforcement when necessary.
Familiarity with regulatory and compliance frameworks such as HIPAA, PCI-DSS, NIST, ISO 27001, and GDPR.
Proven ability to develop and maintain incident response playbooks, escalation procedures, and SOC standard operating procedures (SOPs).
Experience with cybersecurity metrics and KPIs and the ability to communicate risk and operational performance to executive leadership.
Analytical mindset with attention to detail.
Excellent communication and documentation skills.
Ability to work under pressure and manage multiple incidents simultaneously.
Passion for continuous learning and staying ahead of emerging threats.
Work Environment
Employees in this class are subject to extended periods of sitting, standing, and walking, vision to monitor, and moderate noise levels. Work is performed in an at-home and office environment.
The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training; licensure and certifications; geographic location; and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.
California Privacy Notice
This notice only applies to our applicants who reside in the State of California.
If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at .