Cybersecurity Engineer - Incident Response

JOB DESCRIPTION

Flexible hybrid work environment, 4 days a week in the office.

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with the security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work.

As a part of GM Financial, you'll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

RESPONSIBILITIES

About the role:

• The Cybersecurity Engineer is responsible for maintaining and building detection, investigation, and incident response activities to identify and mitigate threats to the corporate network, assets, and users. This team member will collaborate with stakeholders to perform on-going alerting and tuning on various technologies. Security technologies may include but are not limited to: Data Loss Prevention (DLP), Security Incident Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Intrusion Detections System (IDS)/Intrusion Prevention System (IPS), Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Security Orchestration, Automation and Response (SOAR), and Web/Email Security Products.

• Triage, investigate, escalate alerts and incidents from multiple sources of varying technical levels
• Investigate security incidents from detection to resolution, engaging in any containment, eradication and recovery actions as needed
• Write and execute search commands within a SIEM to find relevant information
• Navigate various security products and solutions for pertinent data and insights
• Develop custom rules and detections using Regular Expression (Regex) and YARA
• Remain up to date on the latest Cybersecurity trends and tactics, techniques, and procedures (TTP)
• Attention to detail and ability to formulate decisions based on evidence gathering
• Perform other duties as assigned
• Conform with all company policies and procedures

• Strong technical skills and hands on experience in Cybersecurity as it relates to alert triage, on-going monitoring, detection, investigation, and incident response activities
• Understanding of Cybersecurity concepts such as Endpoint security, Network security, Cloud security, Data Loss Prevention/Data Privacy, and Web/Email security
• Practical knowledge of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Strong knowledge of the OSI model and security that is associated with each layer
• Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux/Mac, web/email traffic fundamentals, and using a command line interface (CLI)
• Practical knowledge of cloud providers, technologies, and concepts
• Understanding of Agile and DevOps environments
• Experience with scripting languages such as Python, Go, Ruby, PowerShell, etc
• Demonstrated ability to communicate across multiple levels of stakeholders
• Ability to document and summarize technical evidence and findings
• Good interpersonal, verbal, and written communication skills across various mediums
• Detail oriented with good time and analytical skills
• Ability to exercise prudent judgment and offer knowledgeable recommendations
• Ability to work both independently and in a team environment
• Ability to manage multiple projects, tasks, and investigations
• Ability to work in sensitive situations
• Be a reputable representative of the department

• Bachelor's Degree or equivalent experience preferred
• Working knowledge in one or more of the following domains: Cybersecurity, Cloud Computing, Network Engineering, Network Operations, Information Technology Support, System Administrator, Data Science, Software Development preferred
• 2+ years of experience in large, complex, and global business environment preferred

• Cybersecurity related Certifications strongly preferred (GCIH, GCFA, GCFE, Security+)

• Information Security Certifications strongly preferred