Sr Cybersecurity Engineer

JOB DESCRIPTION

Why GMF Cybersecurity?

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

This position will be posted until filled.

RESPONSIBILITIES

About the role

This role serves as the senior subject matter expert for cloud incident response across Microsoft Azure and Microsoft 365. You will lead high‑impact investigations, mentor responders, and continuously improve the speed, quality, and repeatability of cloud incident response operations. This position is ideal for an experienced cloud security engineer, architect, or incident responder who thrives in complex investigations and wants to shape how cloud response is done at scale.

In this role you will:

• Lead Azure and Microsoft 365 security investigations, including identity compromise, privilege escalation, persistence, data exfiltration, and abuse of cloud services
• Act as the senior escalation point for complex cloud investigations, providing investigative direction and response strategy
• Perform investigations using Azure Activity Logs, Entra ID logs, Microsoft 365 Unified Audit Log, Defender telemetry, and related forensic artifacts
• Develop and standardize cloud‑specific incident response playbooks to improve consistency and efficiency
• Stay current with evolving attack techniques and security technologies to design, build, and continuously refine cloud detections and alerts across Azure and Microsoft 365
• Participate in an on‑call rotation as needed to support timely response to security incidents outside of standard business hours

• Extensive hands‑on experience responding to security incidents in Microsoft Azure and/or Microsoft 365
• Strong understanding of Azure tenant and subscription architecture, Entra ID identity models, roles, conditional access, and privilege management
• Deep familiarity with cloud logging, telemetry sources, and forensic artifacts, including what is available, how it is acquired, and how attackers attempt to evade it
• Advanced experience writing and optimizing KQL queries for investigation and threat hunting across Defender data sources
• Ability to use Graph API, PowerShell, and automation to acquire evidence, investigate at scale, and accelerate response actions
• Demonstrate strong familiarity with cloud security platforms such as Microsoft Defender and Wiz
• Strong knowledge of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Experience translating investigations into repeatable response processes, documentation, and improvement opportunities for detection and prevention.
• Background in cloud security engineering or architecture or prior senior‑level incident response experience with significant cloud exposure.
• Demonstrated ability to communicate across multiple levels of stakeholders
• Ability to document and summarize technical evidence and findings
• Good interpersonal, verbal, and written communication skills across various mediums
• Ability to exercise prudent judgment and offer knowledgeable recommendations

• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent work experience strongly preferred
• 3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred

• One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred