Sr. Incident Response Manager

General Summary

The Senior Incident Response (IR) Manager provides strategic and operational leadership for detecting, responding to, and eradicating cyber threats targeting Kia America (KUS) and its affiliated entities. This position oversees end-to-end incident response activities including triage, containment, forensics, recovery, and post-incident analysis and ensures continuous enhancement of blue-team capabilities across email, endpoint, identity, cloud, and network environments.

In addition, the Senior Manager drives proactive vulnerability and exposure management, enforces secure configuration baselines, and governs enterprise-wide patch management to minimize risk and prevent incidents before they occur. The role is also accountable for aligning KUS security operations with global and regional (Kia North America) cybersecurity strategies, coordinating with affiliate IT/security teams, developing and maintaining IR playbooks, and advancing the organization’s overall security maturity through awareness programs and cross-functional collaboration.

Essential Duties and Responsibilities

Priority One – 20% of Time

• Lead incident response across KUS and affiliates (triage, containment, eradication, recovery, communication)
• Coordinate internal/external stakeholders and ensure timely executive reporting. 

Priority Two – 20% of Time

• Detection Engineering & Threat Hunting
  • Design, implement, and tune detections mapped to MITRE ATT&CK framework across the following platforms: 
    • Security Information and Event Management (SIEM)- e.g., Microsoft Sentinel
    • Security Orchestration, Automation, and Response (SOAR) - e.g., Splunk ES
    • Extended Detection and Response (XDR) - e.g., Microsoft 365 Defender
    • Email Security- e.g., Microsoft EOP/Mimecast
    • Network sensors

Priority Three – 20% of Time

• Program Improvement
  • Develop IR runbooks/playbooks, automate with SOAR, run tabletop and purple-team exercises, coordinate vulnerability remediation with IT partner, and maintain metrics/KPI for continuous improvement.
  • Maintain proactive vulnerability and exposure management, including: enterprise scanning (on-premises, cloud, and container environments); attack surface management (ASM); configuration baselines such as Center for Internet Security (CIS) Benchmarks; patch and change governance with IT partner; measurement and reporting, such as Common Vulnerability Scoring System (CVSS) / Exploit Prediction Scoring System (EPSS); and preventive controls and system hardening.

Priority Four – 20% of Time

• Email & Identity Threat Defense
  • Drive phishing and Business Email Compromise (BEC) takedown efforts; domain abuse monitoring through email authentication protocols including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance); strengthen identity protection measures; and harden high-risk workflows including Finance and HR.

Priority Five – 20% of Time

• Digital Forensics & Malware Triage
  • Acquire and preserve digital evidence; perform host, network, and cloud forensics; analyze malware artifacts; determine root cause; and document findings and lessons learned through comprehensive incident reports.

This list of essential responsibilities and duties is not exhaustive and may be supplemented and changed as necessary by management.
 

Qualifications/Education

• Bachelor’s degree in Computer Science, Information Technology, or a related field required. 
• Master’s degree preferred.
   

Job Requirement

• 5-7 years of cybersecurity experience in organizations with mature security processes, including 5-7 years of hands-on technical work and 2-4 years specializing in enterprise-scale incident response and blue team operations.
• In-depth knowledge and practical experience with various IT and security systems
• Familiar with security related regulations and compliance requirements
• Experience in policy development and implementation.
• Strong understanding of security frameworks and standards (e.g., NIST, ISO, CIS).
• Strong understanding of network security, applications, cloud, and infrastructure

Other Requirements

• 20% of domestic or international travel.
• Job demands may include confidentiality, problem solving, reasoning skills, oral communication, written communication, and ability to effectively communicate with executive as well as technical audience
• Must be able to maintain focus and attention to detail in a fast-paced environment.
• Ability to analyze information and make sound decisions under time constraints.
• Problem-solving skills and the ability to work independently
• Must be able to respond to challenges with poise and agility.
• Ability to handle competing priorities effectively and with composure.
• Must be able to calmly and confidently lead multiple cross-disciplined teams during stressful situations.
• Other duties as assigned.
   

Specialized Skills and Knowledge Required

• Practical expertise with SIEM/XDR/SOAR (e.g., Microsoft Sentinel, Microsoft 365 Defender suite, Splunk ES), EDR (e.g., Defender for Endpoint, Sentinel One), email security (e.g., Mimecast), and Infra/Network vulnerability scanning tools (e.g., Rapid7, Qualys, Nessus, and Nmap, Wireshark) 
• Strong understanding of authentication and email security (SPF/DKIM/DMARC), identity protection (MFA/Conditional Access), and log sources across Windows, O365, Azure, and common SaaS.