Sr. Incident Response Manager

Sr. Incident Response Manager

Company: Kia America, Inc. Location: Irvine, CA, US

The Senior Incident Response (IR) Manager provides strategic and operational leadership for detecting, responding to, and eradicating cyber threats targeting Kia America (KUS) and its affiliated entities. This position oversees end-to-end incident response activities including triage, containment, forensics, recovery, and post-incident analysis and ensures continuous enhancement of blue-team capabilities across email, endpoint, identity, cloud, and network environments. In addition, the Senior Manager drives proactive vulnerability and exposure management, enforces secure configuration baselines, and governs enterprise-wide patch management to minimize risk and prevent incidents before they occur. The role is also accountable for aligning KUS security operations with global and regional (Kia North America) cybersecurity strategies, coordinating with affiliate IT/security teams, developing and maintaining IR playbooks, and advancing the organization's overall security maturity through awareness programs and cross-functional collaboration.

Essential Duties and Responsibilities

• Priority One – 20% of Time Lead incident response across KUS and affiliates (triage, containment, eradication, recovery, communication)
• Priority Two – 20% of Time Detection Engineering & Threat Hunting Design, implement, and tune detections mapped to MITRE ATT&CK framework across the following platforms: Security Information and Event Management (SIEM)- e.g., Microsoft Sentinel Security Orchestration, Automation, and Response (SOAR) - e.g., Splunk ES Extended Detection and Response (XDR) - e.g., Microsoft 365 Defender Email Security- e.g., Microsoft EOP/Mimecast Network sensors
• Priority Three – 20% of Time Program Improvement Develop IR runbooks/playbooks, automate with SOAR, run tabletop and purple-team exercises, coordinate vulnerability remediation with IT partner, and maintain metrics/KPI for continuous improvement.
• Priority Four – 20% of Time Email & Identity Threat Defense Drive phishing and Business Email Compromise (BEC) takedown efforts; domain abuse monitoring through email authentication protocols including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance); strengthen identity protection measures; and harden high-risk workflows including Finance and HR.
• Priority Five – 20% of Time Digital Forensics & Malware Triage Acquire and preserve digital evidence; perform host, network, and cloud forensics; analyze malware artifacts; determine root cause; and document findings and lessons learned through comprehensive incident reports.

This list of essential responsibilities and duties is not exhaustive and may be supplemented and changed as necessary by management.

Qualifications/Education

Bachelor's degree in Computer Science, Information Technology, or a related field required. Master's degree preferred. Job Requirement 5-7 years of cybersecurity experience in organizations with mature security processes, including 5-7 years of hands-on technical work and 2-4 years specializing in enterprise-scale incident response and blue team operations. In-depth knowledge and practical experience with various IT and security systems Familiar with security related regulations and compliance requirements Experience in policy development and implementation. Strong understanding of security frameworks and standards (e.g., NIST, ISO, CIS). Strong understanding of network security, applications, cloud, and infrastructure

Other Requirements

20% of domestic or international travel. Job demands may include confidentiality, problem solving, reasoning skills, oral communication, written communication, and ability to effectively communicate with executive as well as technical audience Must be able to maintain focus and attention to detail in a fast-paced environment. Ability to analyze information and make sound decisions under time constraints. Problem-solving skills and the ability to work independently Must be able to respond to challenges with poise and agility. Ability to handle competing priorities effectively and with composure. Must be able to calmly and confidently lead multiple cross-disciplined teams during stressful situations. Other duties as assigned.

Specialized Skills and Knowledge Required

Practical expertise with SIEM/XDR/SOAR (e.g., Microsoft Sentinel, Microsoft 365 Defender suite, Splunk ES), EDR (e.g., Defender for Endpoint, Sentinel One), email security (e.g., Mimecast), and Infra/Network vulnerability scanning tools (e.g., Rapid7, Qualys, Nessus, and Nmap, Wireshark) Strong understanding of authentication and email security (SPF/DKIM/DMARC), identity protection (MFA/Conditional Access), and log sources across Windows, O365, Azure, and common SaaS.

Competencies

Care for People Chase Excellence Every Day Dare to Push Boundaries Empower People to Act Move Further Together

Pay Range

$123,279 - $177,697 Pay will be based on several variables that are unique to each candidate, including but not limited to, job-related skills, experience, relevant education or training, etc.

Equal Employment Opportunities

KUS provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex, including pregnancy and childbirth and related medical conditions, gender, gender identity, gender expression, age, legally protected physical disability or mental disability, legally protected medical condition, marital status, sexual orientation, family care or medical leave status, protected veteran or military status, genetic information or any other characteristic protected by applicable law. KUS complies with applicable law governing non-discrimination in employment in every location in which KUS has offices. The KUS EEO policy applies to all areas of employment, including recruitment, hiring, training, promotion, compensation, benefits, discipline, termination and all other privileges, terms and conditions of employment. Disclaimer : The above information on this job description has been designed to indicate the general nature and level of work performed by employees within this classification and for this position. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.