Staff Cyber Detection Incident Analyst - Security Operations

Description

The Role

GM's Cybersecurity Team safeguards the company's global information assets, networks, and infrastructure. Our mission is to proactively defend GM against evolving cyber threats through strategic leadership, technical excellence, and innovative risk management. We seek cybersecurity professionals with advanced expertise, capable of driving enterprise security initiatives and influencing organizational resilience.

As a Staff Cyber Detection Incident Analyst on GM's Security Operations team, you will serve as a technical leader responsible for designing and advancing the enterprise's cyber detection strategy across a global, hybrid environment. You will leverage deep expertise in endpoint, network, identity, cloud, application, SaaS telemetry and product data to identify advanced threats, improve visibility, and enhance the detection ecosystems that protect GM's critical assets.

In this role, you will lead complex investigations, architect and optimize detection logic across SIEM, EDR, NDR, SOAR, cloud-native platforms and products, and integrate intelligence-driven analytics that raise GM's defensive maturity. You will work cross-functionally with engineering, cloud, response, identity, application, and threat intelligence teams to evolve detection architecture, strengthen observability, and ensure GM maintains resilient, scalable, and modernized detection capabilities.

This position requires exceptional technical depth, the ability to drive detection roadmaps, influence enterprise tooling strategy, and mentor peers. You will help integrate emerging technologies-including large-scale analytics, automation, and AI-to reduce operational friction, accelerate threat detection, and elevate the maturity of GM's global security operations.

What You'll Do

• Serve as a senior technical authority for cyber detection, providing architectural guidance and leadership across SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms.
• Lead deep-dive investigations and expert-level triage of complex security events using endpoint, network, identity, cloud, application, and SaaS telemetry.
• Drive incident escalation workflows and partner closely with Incident Response, Threat Intelligence, Cloud, Identity, and Engineering teams to ensure rapid and effective containment and remediation.
• Conduct advanced, hypothesis-driven threat hunts across on-prem, cloud (Azure, AWS, GCP), SaaS, and identity ecosystems using behavioral analytics, adversary tradecraft, and intelligence-driven methodologies.
• Correlate large-scale telemetry to uncover sophisticated attack patterns, stealthy behaviors, and systemic visibility gaps.
• Apply expert understanding of OS internals, adversary behaviors, cloud architectures, authentication protocols, and network fundamentals to assess impact and guide detection enhancements.
• Integrate threat intelligence-including IOCs, behavioral analytics, and MITRE ATT&CK techniques-into scalable detection logic, analytic frameworks, and hunting practices.
• Design, develop, and tune high-fidelity detections across:

• SIEM: advanced correlations, anomaly models, enrichment pipelines
• EDR/XDR: behavioral rules, event-pattern analytics, custom detections
• NDR: network anomalies, lateral movement detection, protocol analysis
• SOAR: high-impact automation workflows and enrichment routines
• Cloud-native tools: Microsoft Defender, Sentinel, AWS GuardDuty, GCP SCC
• SaaS platforms: O365, major IdP/IAM platforms, API telemetry sources

• Bachelor's degree in Information Security, Computer Science, Information Systems, or equivalent experience.
• 8+ years of experience in cybersecurity with specialization in detection engineering, SOC operations, incident response, threat hunting, or intrusion detection.
• Demonstrated ability to lead complex investigations and drive detection improvements at enterprise scale.
• Strong analytical skills with the ability to interpret large, complex datasets and communicate findings to both technical and executive audiences.
• Advanced experience with EDR/XDR, SIEM, NDR , identity protection platforms, cloud-native and SaaS security tools .
• Experience with vehicle security, embedded systems security, or in-vehicle telemetry.
• Experience supporting manufacturing or OT security environments.
• Strong understanding of application security, runtime observability, CI/CD pipelines, and API abuse detection techniques.
• Hands-on scripting experience ( Python, PowerShell, KQL , etc.) to enrich detections and automate investigative workflows.
• Deep experience with network security monitoring, packet analysis, and intrusion detection methodologies.
• Proven experience detecting and responding to threats in cloud environments ( Azure, AWS, GCP ).
• Demonstrated success mentoring analysts/peers and excellence working effectively in a collaborative team environment.
• Expert-level understanding of log analytics, detection engineering principles, behavioral analytics, and adversary TTPs.

• Industry certifications such as GCIA, GCIH, GCTI, GCTH, AWS/Azure/GCP Security , or equivalent advanced certifications.
• 10+ years of experience in detection engineering, threat hunting, or advanced security operations.
• Experience leading enterprise-scale security initiatives, detection modernization programs, or tooling evaluations.