Sr. Incident Response Manager
Listed on 2025-11-29
IT/Tech
Cybersecurity, Systems Engineer
At Kia, we’re creating award‑winning products and redefining what value means in the automotive industry. It takes a special group of individuals to do what we do, and we do it together. Our culture is fast‑paced, collaborative, and innovative. Our people thrive on thinking differently and challenging the status quo. We are creating something special here, a culture of learning and opportunity, where you can help Kia achieve big things and most importantly, feel passionate and connected to your work every day.
Kia provides team members with competitive benefits including premium paid medical, dental and vision coverage for you and your dependents, 401(k) plan matching of 100% up to 6% of the salary deferral, and paid time off. Kia also offers company lease and purchase programs, company‑wide holiday shutdown, paid volunteer hours, and premium lifestyle amenities at our corporate campus in Irvine, California.
Status
Exempt
General Summary
The Senior Incident Response (IR) Manager provides strategic and operational leadership for detecting, responding to, and eradicating cyber threats targeting Kia America (KUS) and its affiliated entities. This position oversees end‑to‑end incident response activities, including triage, containment, forensics, recovery, and post‑incident analysis, and ensures continuous enhancement of blue‑team capabilities across email, endpoint, identity, cloud, and network environments.
In addition, the Senior Manager drives proactive vulnerability and exposure management, enforces secure configuration baselines, and governs enterprise‑wide patch management to minimize risk and prevent incidents before they occur. The role is also accountable for aligning KUS security operations with global and regional (Kia North America) cybersecurity strategies, coordinating with affiliate IT/security teams, developing and maintaining IR playbooks, and advancing the organization’s overall security maturity through awareness programs and cross‑functional collaboration.
Priority One – 20% of Time
- Lead incident response across KUS and affiliates (triage, containment, eradication, recovery, communication)
- Coordinate internal/external stakeholders and ensure timely executive reporting.
- Detection Engineering & Threat Hunting
- Design, implement, and tune detections mapped to the MITRE ATT&CK framework across the following platforms:
  - Security Information and Event Management (SIEM) - e.g., Microsoft Sentinel
  - Security Orchestration, Automation, and Response (SOAR) - e.g., Splunk ES
  - Extended Detection and Response (XDR) - e.g., Microsoft 365 Defender
  - Email Security - e.g., Microsoft EOP/Mimecast
  - Network sensors
- Program Improvement
- Develop IR runbooks/playbooks, automate with SOAR, run tabletop and purple‑team exercises, coordinate vulnerability remediation with IT partners, and maintain metrics/KPIs for continuous improvement.
- Maintain proactive vulnerability and exposure management, including: enterprise scanning (on‑premises, cloud, and container environments); attack surface management (ASM); configuration baselines such as Center for Internet Security (CIS) Benchmarks; patch and change governance with IT partner; measurement and reporting, such as Common Vulnerability Scoring System (CVSS) / Exploit Prediction Scoring System (EPSS); and preventive controls and system hardening.
- Email & Identity Threat Defense
- Drive phishing and Business Email Compromise (BEC) takedown efforts; domain abuse monitoring through email authentication protocols including SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail), and DMARC (Domain‑based Message Authentication, Reporting, and Conformance); strengthen identity protection measures; and harden high‑risk workflows including Finance and HR.
- Digital Forensics & Malware Triage
- Acquire and preserve digital evidence; perform host, network, and cloud forensics; analyze malware artifacts; determine root cause; and document findings and lessons learned through comprehensive incident reports.
This list of essential responsibilities and duties is not exhaustive and may be…