Associate Cybersecurity Engineer

Our Purpose: We pioneer the innovations that move and connect people to what matters.

Responsibilities

About the Role

The Associate Cybersecurity Engineer is responsible for performing and evaluating vulnerability scanning, reporting detection results, maintaining scanning systems and procedures; and identifying and mitigate threats to the enterprise network, technical assets, applications, and enterprise users. This team member will identify core requirements, design, and implement security technologies, and work with stakeholders to perform ongoing tuning and alerting on those technologies. Security technologies may include, but are not limited to: vulnerability scanners, Data Loss Prevention (DLP), Security Incident Event Management (SIEM), User Behavior Analytics, Host Intrusion Prevention (HIPS), Web Application Firewall (WAF), DevSecOps Pipelines, database management, and Web/Email Gateway. This team member will be responsible for both technical implementation of systems and communication of security requirements to management and security leadership. Additionally, this team member will be responsible, as necessary, with assisting in investigations into security threats.

Job Duties:
• Perform software vulnerability scanning and source code analysis using security testing tools and processes used to expose known and undocumented vulnerabilities in various information systems.
• Conduct source code reviews and software penetration tests to confirm existence of vulnerabilities and communicate findings to support teams for resolution.
• Ability to review source code written in numerous modern code languages and determine if security vulnerabilities exist.
• Develop vulnerability data analysis and reporting tools including SQL and other database technologies as required.
• Using strong interpersonal skills to articulate vulnerabilities details to technical and not-technical audiences
• Provide technical understanding of vulnerabilities and exploits using knowledge of coding frameworks as well as web and cloud application infrastructures.
• Ability to articulate vulnerability details to support vulnerability mitigation configuration for software and web application migration devices (WAF, API gateways, etc.)
• Using creative thought, technical understanding of exploits, and attacker behaviors provide additional details on how software applications are at risk of penetration.
• Creation of vulnerability reports and metrics to disseminate to support teams based on operational hierarchies.
Pluses:
• Prior coding experience in web development.
• Prior experience in cloud development, CICD, and/or DevOps.
• Prior code development in one or more of the following: Python, Node.js, React, Express.

Qualifications

What makes you an ideal candidate?

• Strong technical skills and hands on experience in information security as it relates to server security, client security, user security, network communications, and data storage.
• Practical experience implementing vulnerability security solutions, including vulnerability scanners, and performing initial tuning and monitoring in the environment.
• Proven expertise developing custom rule sets for tools to identify specific attacks and exploits based on feedback and requirements from business stakeholders including Compliance and Legal Counsel.
• Practical experience scaling vulnerability detection solutions to meet enterprise sizing requirements and performing tuning to manage the amount of alerting that occurs.
• Strong understanding of modern code languages and Cybersecurity and vulnerability frameworks, NIST 800-40, OWASP, etc.
• Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems.
• Strong knowledge of IT and cloud technologies and methods to secure them, specifically for applications databases, storage area networking, cloud-based storage, and data warehouses.
• Practical experience with data loss, data privacy, regulatory requirements.
• Strong knowledge of the OSI model and securing each layer.
• Strong understanding of Software Development Lifecycle (SDLC) and DevSecOps methodologies.

• Experience in setting appropriate priorities for tasks to be accomplished based on project plans and management priorities is required.
• Proven ability to communicate across multiple levels of stakeholders.
• Ability to interpret and document business and technical requirements.
• Good interpersonal, verbal, and written communication skills.
• Detail oriented with good time and analytical skills.
• Ability to read source code from various languages and understand program logic.
• Ability to work both independently and in a team environment.
• Ability to manage multiple projects and tasks.
• Ability to manage production sensitive situations

Experience

• Bachelor's Degree or equivalent experience preferred
• 0-2 years of experience in large and complex business environments with a successful track record working directly with senior level management with working knowledge in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• 0-2 years of hands on experience supporting requirements of a large, global enterprise environment preferred
• Prior experience in Cybersecurity Vulnerability Management strongly preferred.

Licenses

• Cybersecurity related Certifications strongly preferred

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture - an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work - we thrive.

Compensation: Competitive pay and bonus eligibility

Work Life Balance: Flexible hybrid work environment, 4-days a week in office

#LI-HH1

#GMFjobs

#LI-Hybrid