Sr Cybersecurity Engineer

JOB DESCRIPTION

Why GMF Cybersecurity?

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

This position will be posted until filled.

RESPONSIBILITIES

About the role:

The Sr Cybersecurity Engineer - Incident Response will lead the detection, investigation, and response to complex cybersecurity threats, driving advanced incident response activities and enhancing security monitoring across a broad range of technologies. If you are looking to make a meaningful impact by applying your extensive cybersecurity experience to improve detection capabilities, guide response efforts, and strengthen the organization's overall security posture, GM Financial is the place to do it.

In this role you will:

• • Participate in incident investigations, covering detection, containment, eradication, recovery, and post-incident reviews
• • Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity
• • Act as the senior escalation point for complex investigations, providing investigative direction and response strategy

• Develop and standardize incident response playbooks to improve consistency and efficiency

• Knowledge of TCP/IP networking, OSI model and IP subnetting
• Knowledge of analysis tools like Bro/Zeek or Suricata, and ability to perform analysis of associated network logs
• Knowledge of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Knowledge of Windows operating systems and general knowledge of Unix, Linux, and Mac operating systems
• Knowledge of cloud incident response on platforms like Azure
• Hands‑on experience responding to security incidents in cloud and on-prem environments
• Experience writing and optimizing Splunk queries for investigation and threat hunting across various data sources
• Ability to use scripting and automation to acquire evidence, investigate at scale, and accelerate response actions
• Experience translating investigations into repeatable response processes, documentation, and improvement opportunities for detection and prevention
• Demonstrated ability to communicate across multiple levels of stakeholders
• Ability to document and summarize technical evidence and findings
• Good interpersonal, verbal, and written communication skills across various mediums
• Detail oriented with good analytical skills and ability to formulate decisions based on evidence gathering
• Ability to exercise prudent judgment and offer knowledgeable recommendations
• Ability to work both independently and in a team environment
• Ability to manage multiple projects, tasks, and investigations
• Ability to work in sensitive situations
• Be a reputable representative of the department

• Ability to use AI tools (e.g., Microsoft Copilot) to support daily work
• Skills in evaluating AI outputs for accuracy, compliance, and bias
• Experience integrating AI into workflows to improve efficiency or insights
• Familiarity with AI assisted research, summarization, and content generation
• Understanding of responsible AI use, including ethics and data protection

• 3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent work experience strongly preferred

• One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred