Newark, CA, USA
19 days ago
Cyber Security Engineer - Automotive

We are looking for an experienced, hands-on Security Engineer to join our Automotive Security Operations Center. This role involves incident detection, initial investigation, incident triaging, and tools development. The ideal candidate will have the ability to work with both external and internal teams, collaborating with multiple departments to collect and document incidents.

Key Responsibilities:
- Incident Detection & Investigation: Perform incident detection, initial investigation, and incident triaging for the Automotive Security Operations Center.
- SIEM Integration: Integrate and enhance SIEM tools with multiple data sources from vehicles and other applications.
- Custom Programming: Write custom programs and queries to optimize the incident monitoring system.
- Standard Operating Procedures: Follow and assist in developing Standard Operating Procedures and Incident Response Plans for the Automotive Security Operations Center.
- Event Management: Perform event management, incident investigations, and research, recommending improvements in detection capabilities to Tier 2 and Tier 3.
- Team Collaboration: Collaborate with teams such as Software, IT Security, Safety, Legal, and other Cybersecurity teams to perform initial investigations, incident analysis, and event management.
- Reverse Engineering & Threat Hunting: Assist in performing reverse engineering, malware analysis, and threat hunting.
- Security Process Enhancement: Work closely with the larger Automotive Cyber Security team to enhance security processes and technologies.
- False Positive Reduction: Work closely with the overall SOC team to reduce false positives using data analytic tools.

Required Qualifications:
- Bachelor of Engineering in Computer Science, Information Technology, or Cybersecurity.
- Minimum 2 years of direct experience in a Security Analyst role performing security incident investigation and response.
- Minimum 2 years of direct experience in software development.
- Hands-on experience with coding languages such as Python, Java, and C/C++.
- Experience with SIEM tools (e.g., Splunk, LogRhythm) and host/network monitoring and security tools.
- Proven ability to perform data analysis, incident investigations, evidence collection, and root cause analysis.
- Experience in creating Standard Operating Procedures.
- Understanding of cloud technologies, data pipelines, and APIs.

Preferred Qualifications:
- Master of Engineering in Computer Science, Information Technology, or Cybersecurity.
- Knowledge of vulnerability assessment processes and tools.
- Familiarity with threat intelligence tools and technologies.
- Knowledge of software and application development methodologies.