10873 - Application Security Engineer II - Cyber Defense jobs in United States

Hyundai AutoEver America · 9 hours ago

10873 - Application Security Engineer II - Cyber Defense

Hyundai AutoEver America is a leading IT services provider for the automotive industry, supporting brands like Kia and Genesis. They are seeking an Application Security Engineer II to enhance application security throughout the software development lifecycle by defining Secure SDLC requirements, managing container security, and integrating automated security testing into CI/CD pipelines.

Automotive
H1B Sponsor Likely

Responsibilities

Define, document, and maintain Secure SDLC policies, standards, and procedures covering:
Secure design and coding expectations
Security testing requirements
Build, release, and deployment security controls
Partner with Engineering, Platform, and AppDev teams to ensure Secure SDLC requirements are:
Practical and scalable
Integrated into existing development workflows
Clearly communicated and understood
Utilizing the standardized Risk Operation processes, support governance activities, including reviews, exceptions, and continuous improvement of SDLC security requirements
Develop, manage, and maintain a hardened cloud container image repository for application workloads
Define baseline security requirements for container images, including:
Base image selection and hardening
Patch and dependency management
Runtime security considerations
Partner with platform and application teams to drive adoption of approved images and patterns
Ensure container images are scanned, updated, and versioned in alignment with security standards
Define and implement automated security testing within CI/CD pipelines, including:
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Open-source and dependency vulnerability scanning
Tune tools and rules to balance coverage, accuracy, and developer experience
Ensure security testing is integrated early in the pipeline to enable remediation prior to final build and deployment
Partner with engineering and application teams to ensure findings from SAST, DAST, and open-source scans are incorporated into the Risk Operation function and:
Clearly triaged and prioritized
Assigned appropriate ownership
Remediated within agreed SLAs and timelines
Track remediation progress and escalate systemic or repeated issues
Validate remediation and support secure release decisions
Act as a trusted security partner to development and other relevant teams
Provide guidance on secure coding practices, vulnerability remediation, and threat patterns
Support application security reviews, threat modeling, and design discussions as needed
Contribute to continuous improvement of application security tooling, processes, and metrics

Qualification

Application Security, Secure SDLC, CI/CD Integration, Container Security, SAST, DAST, Vulnerability Management, Cloud-native Environments, OWASP Top 10, Troubleshooting Skills, Stakeholder Management, Secure Coding Practices, Threat Modeling, Continuous Improvement, Technical Excellence, Collaboration Skills, Communication Skills

Required

5+ years of experience in Application Security, Product Security, or Secure Software Engineering with hands-on experience defining and implementing Secure SDLC requirements
Experience integrating SAST, DAST, and open-source vulnerability scanning into CI/CD pipelines
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field
Practical experience securing containerized applications and managing hardened container images
Strong understanding of common application vulnerabilities (e.g., OWASP Top 10), modern CI/CD workflows and DevOps practices, and secure coding and build processes
Strong troubleshooting and collaboration skills
Excellent stakeholder management and communication skills
Proficient in English for effective communication and coordination

Preferred

Hands-on experience with industry-leading Application Security tools for SAST, DAST, and open-source scanning
Experience with container platforms and registries (e.g., Docker, Kubernetes) and working in cloud-native application environments
Working knowledge of application threat modeling techniques is a plus
Master's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline is preferred
Industry-recognized credentials such as CISSP, CISM, or Application Security-specific certifications (CSSLP, GWAPT, etc.) are highly desirable
Bilingual proficiency in English and Korean is preferred to support global coordination and communication

Company

Hyundai AutoEver America

Hyundai AutoEver is an automobile sales internet company.

H1B Sponsorship

Hyundai AutoEver America has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (24)
2024 (22)
2023 (12)
2022 (12)
2021 (15)
2020 (11)

Funding

Current Stage: Public Company
Total Funding: unknown
2019-03-28 IPO

Leadership Team

Steve Basra
Chief Operating Officer & Chief Digital Information Officer
Company data provided by crunchbase