10873 - Application Security Engineer II - Cyber Defense jobs in United States

Hyundai AutoEver · 6 hours ago

10873 - Application Security Engineer II - Cyber Defense

Hyundai AutoEver America is a key affiliate of Hyundai Motor Corporation, providing cutting-edge IT services. The Application Security Engineer II will strengthen application security across the software development lifecycle by defining Secure SDLC requirements and managing security testing in CI/CD pipelines.

Automotive, Information Technology, Software

Responsibilities

Define, document, and maintain Secure SDLC policies, standards, and procedures covering:
Secure design and coding expectations
Security testing requirements
Build, release, and deployment security controls
Partner with Engineering, Platform, and AppDev teams to ensure Secure SDLC requirements are:
Practical and scalable
Integrated into existing development workflows
Clearly communicated and understood
Utilizing the standardized Risk Operation processes, support governance activities, including reviews, exceptions, and continuous improvement of SDLC security requirements
Develop, manage, and maintain a hardened cloud container image repository for application workloads
Define baseline security requirements for container images, including:
Base image selection and hardening
Patch and dependency management
Runtime security considerations
Partner with platform and application teams to drive adoption of approved images and patterns
Ensure container images are scanned, updated, and versioned in alignment with security standards
Define and implement automated security testing within CI/CD pipelines, including:
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Open-source and dependency vulnerability scanning
Tune tools and rules to balance coverage, accuracy, and developer experience
Ensure security testing is integrated early in the pipeline to enable remediation prior to final build and deployment
Partner with engineering and application teams to ensure findings from SAST, DAST, and open-source scans are incorporated into the Risk Operation function and:
Clearly triaged and prioritized
Assigned appropriate ownership
Remediated within agreed SLAs and timelines
Track remediation progress and escalate systemic or repeated issues
Validate remediation and support secure release decisions
Act as a trusted security partner to development and other relevant teams
Provide guidance on secure coding practices, vulnerability remediation, and threat patterns
Support application security reviews, threat modeling, and design discussions as needed
Contribute to continuous improvement of application security tooling, processes, and metrics

Qualification

Application Security, Secure SDLC, CI/CD Integration, Container Security, SAST, DAST, Vulnerability Management, Cloud-native Environments, Stakeholder Management, Troubleshooting Skills, Secure Coding Practices, Threat Modeling, Bilingual English/Korean, Collaboration Skills, Communication Skills

Required

5+ years of experience in Application Security, Product Security, or Secure Software Engineering with hands-on experience defining and implementing Secure SDLC requirements
Experience integrating SAST, DAST, and open-source vulnerability scanning into CI/CD pipelines
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field
Practical experience securing containerized applications and managing hardened container images
Strong understanding of common application vulnerabilities (e.g., OWASP Top 10), modern CI/CD workflows and DevOps practices, and secure coding and build processes
Strong troubleshooting and collaboration skills
Excellent stakeholder management and communication skills
Proficient in English for effective communication and coordination

Preferred

Hands-on experience with industry-leading Application Security tools for SAST, DAST, and open-source scanning
Experience with container platforms and registries (e.g., Docker, Kubernetes) and working in cloud-native application environments
Working knowledge of application threat modeling techniques is a plus
Master's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline is preferred
Industry-recognized credentials such as CISSP, CISM, or Application Security-specific certifications (CSSLP, GWAPT, etc.) are highly desirable
Bilingual proficiency in English and Korean is preferred to support global coordination and communication

Company

Hyundai AutoEver

Hyundai AutoEver develops a mobility software platform that connects hardware and software in a flexible manner.