Cybersecurity Engineer

JOB DESCRIPTION

Why GMF Cybersecurity?

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

This position will be posted until filled.

• Develop and maintain detection rules at source and within a SIEM to identify anomalous behaviors, suspicious activity, and emerging threats across on-prem and cloud environments
• Manage, filter, and correlate high-volume telemetry from multiple sources to produce actionable insights
• Align detection engineering efforts with CSIRT operational goals, ensuring seamless integration with incident response workflows and Detection as Code (DaC) Pipelines
• Continuously improve alert fidelity by tuning detection logic and reducing false positives
• Perform threat hunting and detection gap analysis to proactively identify coverage gaps and strengthen detection capabilities
• Investigate security incidents from detection to resolution, engaging in any containment, eradication and recovery actions as needed
• Conduct purple teaming exercises and analyze resulting log activity to validate detection coverage and identify gaps
• Collaborate with our threat intelligence team to incorporate emerging indicators and TTPs into detection strategies
• Document detection logic, tuning, playbooks and validation results for transparency, auditability, and knowledge sharing
• Stay current with evolving attack techniques and security technologies to adapt detection strategies accordingly
• Participate in an on‑call rotation as needed to support timely response to security incidents outside of standard business hours

• Strong technical skills and hands on experience in Cybersecurity Defensive Operations as it relates to alert triage, on-going monitoring, detection, investigation, and incident response activities
• Understanding of Cybersecurity concepts such as SIEM analytics, Endpoint security, Network security, Cloud security, Data Loss Prevention/Data Privacy, and Web/Email security
• Practical understanding of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Demonstrate familiarity with AI and large language models (LLMs) and their application in cybersecurity, including how they can support threat detection, analysis, and decision‑making
• Strong knowledge of the OSI model and security that is associated with each layer
• Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux/Mac, web/email traffic fundamentals, and using a command line interface (CLI)
• Practical understanding of cloud providers, technologies, and concepts
• Understanding of Agile, CI/CD, and DevOps environments
• Experience with scripting languages such as Python or PowerShell
• Demonstrated ability to communicate across multiple levels of stakeholders
• Ability to document and summarize technical evidence and findings
• Good interpersonal, verbal, and written communication skills across various mediums
• Detail oriented with good time and analytical skills
• Ability to exercise prudent judgment and offer knowledgeable recommendations
• Ability to work both independently and in a team environment
• Ability to manage multiple projects, tasks, and investigations
• Ability to work in sensitive situations
• Be a reputable representative of the department
• Attention to detail and ability to formulate decisions based on evidence gathering

• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent work experience strongly preferred
• 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• 1-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred

• One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred