Principal Cybersecurity Engineer, Threat and Vulnerability

JOB DESCRIPTION

Hybrid work environment: 4 days onsite and 1 day remote

Why GM Financial Cybersecurity?

The GMF Cybersecurity team is tasked with the security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you'll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

• Support technical direction for vulnerability and scanning supporting technology
• Build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines
• Monitor and assess the company's cybersecurity risks and implement mitigation strategies to address vulnerabilities
• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)
• Serve as a technical escalation point for vulnerability management and remediation efforts
  Build and apply protective mitigations teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats
• Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses
• Examine disclosed vulnerabilities, threat scenarios, and mitigating controls
• Implement technical recommendations for addressing and mitigating identified vulnerabilities
• Perform technical analysis of all scan results and provide a report of analysis as required

• Experience with leading initiatives from start to finish
• Strong knowledge of business acumen and a deep understanding of business implications of decisions
• Strong understanding of company values, mission, vision and strategic direction
• Thorough knowledge of GM Financials' business operations
• Recognized as a subject matter expert in area(s) of specialty
• Experience in threat modeling, secure design, and code review processes
• Demonstrated knowledge of Windows, Linux, Unix, and other operating system's vulnerabilities and ways to remediate and/or mitigate
• Demonstrated knowledge in methods to protect against ransomware threats
• Experience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)
• Ability to aggregate and report on data, utilizing data visualization techniques
• Experience securing hybrid/multi cloud environments (Azure, AWS)
  Experience building vulnerability tooling and automations integrated into workflows
• Understanding of the vulnerability risk landscape and its impact on cyber threats
• Working experience prioritizing vulnerability remediation
  Experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls
• Experience building and operating Vulnerability Management, Threat Intelligence, or other security programs
• Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc).
• Experience with Python, REST, Node, SWL, and other popular coding languages
• Familiarity of computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
• Comfortability with DevSecOps and CI/CD methodologies
• Familiarity with securing container-based systems (Docker, Kuberntes, etc)
• Understanding of CVE, CVSS scoring, CWE, MitRE ATT&CK Framework, threat intelligence, and CISA
• Possess strong analytical, written, and verbal communication and documentation skills.

• Related certifications and/or licenses required
• Member of and recommendation by accredited association in related field preferred
• Greater than 10 years in related function required
• 3-5 years leading through mentorship in related field required
• 3-5 years leading projects and initiatives through influence required
• High School Diploma or equivalent required
• Associate Degree or High School Equivalent plus 2 additional years of related experience required