Penetration Test Engineer

At Kia, we’re creating award-winning products and redefining what value means in the automotive industry. It takes a special group of individuals to do what we do, and we do it together. Our culture is fast-paced, collaborative, and innovative. Our people thrive on thinking differently and challenging the status quo. We are creating something special here, a culture of learning and opportunity, where you can help Kia achieve big things and most importantly, feel passionate and connected to your work every day.

Kia provides team members with competitive benefits including premium paid medical, dental and vision coverage for you and your dependents, 401(k) plan matching of 100% up to 6% of the salary deferral, and paid time off. Kia also offers company lease and purchase programs, company-wide holiday shutdown, paid volunteer hours, and premium lifestyle amenities at our corporate campus in Irvine, California.

Status

Exempt

Summary

Under the direction of Information Security management, the Penetration Test Engineer is responsible for protecting Kia America (KUS) including subsidiaries from cyberattacks which can result in loss of sensitive data, harm to the company brand or disruption to business operations. This position will report to the Manager, Information Security and be a key member of the Information Security team. 

This critical role will coordinate the information security reviews of company IT initiatives either directly or through IT service providers. This includes conducting security risk assessments, performing penetration tests, identifying threats and vulnerabilities, and presenting recommendations to address them. 

The Penetration Test Engineer will take necessary actions and preventive measures, such as analyzing security system logs, to protect company information systems, including employee, dealer and consumer facing systems, from being compromised. This role will investigate the security vulnerabilities of company information systems and provide solutions and methods to remediate them. This role is also responsible for creating, updating, and testing the company’s incident response procedures for handling security events.  This includes conducting regular table-top exercises to continuously improve the effectiveness of these procedures and minimize the recovery time and business impact of an actual security event.  This role will work with internal and external parties to conduct forensic analysis to determine root causes and implement corrective and preventive plans.  

The Penetration Test Engineer works closely with KUS business units and security service providers to develop optimal solutions for short-term and long-term enhancements of KUS’s security maturity. 
 

Major Responsibilities

1st Priority - 70%

• Conduct penetration tests against Kia America’s corporate web/business applications, servers, APIs, mobile apps, networks, cloud environments and connected cars.
• Create detailed technical reports describing discovered vulnerabilities, approach taken to identify them, method to duplicate findings, vulnerability risk level and recommendations to mitigate the risks.
• Oversee, or perform, all penetration test phases (Reconnaissance, Scanning, Vulnerability Assessment, Exploitation, Remediation and Reporting)
• Stay current on new and emerging security threats and the security tools and methods necessary to mitigate them.
   

2nd Priority - 30%

• Establish security incident response policies and procedures and conduct regular training. 
• Conduct table-top exercises to verify incident response procedures and documentation are effective.
• In the event of a security event, lead the efforts to analyze logs and investigate details of the event to take appropriate actions

Education/Certification

• Bachelor’s degree or comparative experience with emphasis on information security
• Advanced degree and/or certification(s) in cyber security a plus
   

Overall Experience

• 8+ years of experience in an organization with mature security practices
• 3+ years of experience in conducting hands-on security penetration tests and vulnerability management.  Experience working on Red Teams to identify vulnerabilities with Internet facing business systems is preferred.
• 3+ years of experience within information security incident response, cybersecurity, and/or IT risk management
• Experience with conducting penetration testing on vehicles a plus
• Substantial experience, and successes, in CTF competitions and/or bug bounty programs.
• Familiar with security related regulations and compliance requirements
• Familiar with the information security auditing process and evidence collection

Other:

• Must be proactive, self-motivated, and lead team to multiple concurrent solutions.

Directly Related Experience

-

Skills

Skilled in leading cross-functional teams in responding to security eventsDeep knowledge of IT and security infrastructure (Networks, Server HW & SW, Security Components (FW, IPS, IDS, EDS, etc.)Skilled with automation and scripting (Python)Advanced level of expertise with penetration testing tools (Burp Suite, Kali Linux, Metasploit, John the Ripper, Nmap, Wireshark, OWASP ZAP, Aircrack-ng, Tenable Nessus, and others)Skilled in identifying application vulnerabilities (OWASP) and advising application teams on how to remediate themAbility to manage external vendors in the development and delivery of related products, programs, and services.Excellent customer service ability and strong verbal and written communication skillsExpert level knowledge and understanding of the attack chain, adversary tactics, techniques, and procedures, emerging threats and vulnerabilities.Expert level knowledge of SIEM’s, how they work, how their value can be maximized and leveraged to mature monitoring and detection processes.Requires high-level organizational, planning, analytical, and technical skills.

Competencies

Care for PeopleChase Excellence, Every DayDare to Push BoundariesEmpower People to ActMove Further, Together

Pay Range

$125,000 - $150,000

Pay will be based on several variables that are unique to each candidate, including but not limited to, job-related skills, experience, relevant education or training, etc.

 

Equal Employment Opportunities

KUS provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex, including pregnancy and childbirth and related medical conditions, gender, gender identity, gender expression, age, legally protected physical disability or mental disability, legally protected medical condition, marital status, sexual orientation, family care or medical leave status, protected veteran or military status, genetic information or any other characteristic protected by applicable law.  KUS complies with applicable law governing non-discrimination in employment in every location in which KUS has offices.  The KUS EEO policy applies to all areas of employment, including recruitment, hiring, training, promotion, compensation, benefits, discipline, termination and all other privileges, terms and conditions of employment.

 

Disclaimer:  The above information on this job description has been designed to indicate the general nature and level of work performed by employees within this classification and for this position.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.