Hyundai Autoever America
10873 - Application Security Engineer II - Cyber Defense
Be an Early Applicant
The Application Security Engineer II is responsible for implementing security standards within the software development lifecycle, managing hardened container images, and integrating automated security testing processes in CI/CD pipelines, while guiding development teams on security practices.
Cyber Defense, Application Security Engineer II
Location – Irvine, CA
Company Overview
Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.
HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.
At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.
If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.
What You Will Be Doing
The Application Security Engineer II plays a key role in strengthening application security across the software development lifecycle. This role sits within the Cyber Defense organization and is responsible for defining and documenting Secure SDLC requirements, developing and managing a hardened cloud container image repository, and embedding automated security testing into CI/CD pipelines.
The role requires hands-on technical capability combined with the ability to define standards, influence development teams, and ensure vulnerabilities are identified and remediated before final build and release, in alignment with agreed remediation timelines. The key responsibilities of this role are as described below:
Secure SDLC Requirements & Standards
Container Security & Hardened Images
CI/CD Security Tooling & Integration
Vulnerability Management & Remediation
Collaboration & Enablement
Basic Qualifications:
Preferred Qualifications:
Team Culture:
The team fosters a high-performance, collaborative environment centered around proactive technology risk management and excellent customer service. Members are expected to lead with accountability, communicate effectively across functions, and adapt to dynamic challenges. The culture values technical excellence, continuous improvement, and global coordination, ensuring technology risks are well managed.
Base Salary Range: $120,00 - $170,000
Our Company adheres to the equal employment opportunity guidelines set forth by federal, state and local laws. The information requested on this form is sought in good faith and will not be used to discriminate against the applicant based on race, religion or creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic characteristics, marital status, sex or gender (which includes pregnancy, childbirth, or related circumstances), gender identity, gender expression, age, citizenship, sexual orientation, family care or medical leave status, military and veteran status, political affiliation, or any other characteristic protected by federal, state and local laws. Our Company adheres to the equal employment opportunity guidelines set forth by federal, state and local laws. The information requested on this form is sought in good faith and will not be used to discriminate against the applicant based on race, religion or creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic characteristics, marital status, sex or gender (which includes pregnancy, childbirth, or related circumstances), gender identity, gender expression, age, citizenship, sexual orientation, family care or medical leave status, military and veteran status, political affiliation, or any other characteristic protected by federal, state and local laws.
Location – Irvine, CA
Company Overview
Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.
HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.
At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.
If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.
What You Will Be Doing
The Application Security Engineer II plays a key role in strengthening application security across the software development lifecycle. This role sits within the Cyber Defense organization and is responsible for defining and documenting Secure SDLC requirements, developing and managing a hardened cloud container image repository, and embedding automated security testing into CI/CD pipelines.
The role requires hands-on technical capability combined with the ability to define standards, influence development teams, and ensure vulnerabilities are identified and remediated before final build and release, in alignment with agreed remediation timelines. The key responsibilities of this role are as described below:
Secure SDLC Requirements & Standards
- Define, document, and maintain Secure SDLC policies, standards, and procedures covering:
- Secure design and coding expectations
- Security testing requirements
- Build, release, and deployment security controls
- Partner with Engineering, Platform, and AppDev teams to ensure Secure SDLC requirements are:
- Practical and scalable
- Integrated into existing development workflows
- Clearly communicated and understood
- Utilizing the standardized Risk Operation processes, support governance activities, including reviews, exceptions, and continuous improvement of SDLC security requirements.
Container Security & Hardened Images
- Develop, manage, and maintain a hardened cloud container image repository for application workloads.
- Define baseline security requirements for container images, including:
- Base image selection and hardening
- Patch and dependency management
- Runtime security considerations
- Partner with platform and application teams to drive adoption of approved images and patterns.
- Ensure container images are scanned, updated, and versioned in alignment with security standards.
CI/CD Security Tooling & Integration
- Define and implement automated security testing within CI/CD pipelines, including:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Open-source and dependency vulnerability scanning
- Tune tools and rules to balance coverage, accuracy, and developer experience.
- Ensure security testing is integrated early in the pipeline to enable remediation prior to final build and deployment.
Vulnerability Management & Remediation
- Partner with engineering and application teams to ensure findings from SAST, DAST, and open-source scans are incorporated into the Risk Operation function and:
- Clearly triaged and prioritized
- Assigned appropriate ownership
- Remediated within agreed SLAs and timelines
- Track remediation progress and escalate systemic or repeated issues.
- Validate remediation and support secure release decisions.
Collaboration & Enablement
- Act as a trusted security partner to development and other relevant teams.
- Provide guidance on secure coding practices, vulnerability remediation, and threat patterns.
- Support application security reviews, threat modeling, and design discussions as needed.
- Contribute to continuous improvement of application security tooling, processes, and metrics.
Basic Qualifications:
- Experience: 5+ years of experience in Application Security, Product Security, or Secure Software Engineering with hands-on experience defining and implementing Secure SDLC requirements. Experience integrating SAST, DAST, and open-source vulnerability scanning into CI/CD pipelines
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
- Technical Expertise: Practical experience securing containerized applications and managing hardened container images. Strong understanding of common application vulnerabilities (e.g., OWASP Top 10), modern CI/CD workflows and DevOps practices and secure coding and build processes. Strong troubleshooting and collaboration skills.
- Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.
Preferred Qualifications:
- Experience: Hands on experience with industry leading Application Security tools for SAST, DAST and Opensource scanning. Experience with container platforms and registries (e.g., Docker, Kubernetes) and working in cloud-native application environments. Working knowledge of application threat modeling techniques is a plus.
- Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, or Application Security specific certifications (CSSLP, GWAPT, etc) are highly desirable.
- Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.
Team Culture:
The team fosters a high-performance, collaborative environment centered around proactive technology risk management and excellent customer service. Members are expected to lead with accountability, communicate effectively across functions, and adapt to dynamic challenges. The culture values technical excellence, continuous improvement, and global coordination, ensuring technology risks are well managed.
Base Salary Range: $120,00 - $170,000
Our Company adheres to the equal employment opportunity guidelines set forth by federal, state and local laws. The information requested on this form is sought in good faith and will not be used to discriminate against the applicant based on race, religion or creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic characteristics, marital status, sex or gender (which includes pregnancy, childbirth, or related circumstances), gender identity, gender expression, age, citizenship, sexual orientation, family care or medical leave status, military and veteran status, political affiliation, or any other characteristic protected by federal, state and local laws. Our Company adheres to the equal employment opportunity guidelines set forth by federal, state and local laws. The information requested on this form is sought in good faith and will not be used to discriminate against the applicant based on race, religion or creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic characteristics, marital status, sex or gender (which includes pregnancy, childbirth, or related circumstances), gender identity, gender expression, age, citizenship, sexual orientation, family care or medical leave status, military and veteran status, political affiliation, or any other characteristic protected by federal, state and local laws.
Top Skills
Ci/Cd
Dast
Docker
Kubernetes
Sast
Secure Sdlc
Hyundai Autoever America Fountain Valley, California, USA Office
10550 Talbert Avenue, 3rd Floor, Fountain Valley, CA, United States, 92780
Similar Jobs
Artificial Intelligence • Machine Learning • Software • Defense
Vannevar is seeking a Senior Software Engineer to lead the deployment of AI-enabled software products in government environments, focusing on security and compliance. Responsibilities include roadmap ownership, technical design, mentorship, and documentation.
Top Skills:
AWSNode.jsPythonReact
.jpg)
Marketing Tech • Mobile • Software
The Customer Account Executive manages and grows customer relationships, focusing on account growth, retention, and collaboration with cross-functional teams to drive customer satisfaction.
Top Skills:
Ms Office SuiteSalesforce.Com Crm
Artificial Intelligence • Cloud • Machine Learning • Mobile • Software • Virtual Reality • App development
As a Finite Element Analysis Engineer, you'll conduct structural simulations, collaborate with cross-functional teams, and optimize designs for AR products.
Top Skills:
Ansys MechanicalLs-DynaNxProeSolidworks
What you need to know about the Los Angeles Tech Scene
Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
