Sr Cybersecurity Engineer - Incident Response

JOB DESCRIPTION

Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you'll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

RESPONSIBILITIES

About the role:
The Senior Cybersecurity Engineer is responsible for designing, implementing, operating, and continuously improving security capabilities that identify, analyze, and mitigate threats to corporate networks, systems, data, and users. This role focuses on delivering scalable, well-engineered security controls and detection mechanisms aligned with mature threat detection, automation, and response practices. The Senior Cybersecurity Engineer partners closely with security leadership, IT, and business stakeholders to define core security requirements, design and deploy security technologies, and perform ongoing tuning, alerting, and optimization to ensure effectiveness and reduce operational noise. This engineer treats detections and security controls as code, leveraging automation, version control, and repeatable workflows to support reliability and continuous improvement.

In this role you will:

• Technologies supported by this role may include, but are not limited to, Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Security Orchestration, Automation, and Response (SOAR), User and Entity Behavior Analytics (UEBA), Host Intrusion Prevention Systems (HIPS), and web and email security gateways, across both on‑premises and cloud environments. In addition to hands-on technical implementation, this role is responsible for clearly communicating security risks, requirements, and recommendations to cybersecurity leadership and management, contributing to incident response readiness, and supporting the ongoing maturation of the enterprise security program.
• Design, develop, test, and deploy scalable detection logic across SIEM and cloud environments using mature IoC principles, detections‑as‑code practices, Git, and automated pipelines.
• Write, maintain, and review production‑quality code (Python, JavaScript, PowerShell, Bash) to support security detections, automation, custom tooling, and API integrations.
• Build, enhance, and maintain SOAR playbooks integrated with incident response and case management systems to enable enrichment, automation, and rapid response.
• Partner closely with SOC and Incident Response teams to understand workflow bottlenecks, serve as an escalation point for detection pipelines and tooling, and reduce time‑to‑resolution.
• Translate threat intelligence, post‑incident analysis, and tabletop exercise outcomes into actionable detections, automation, and security control improvements.
• Proactively evaluate emerging security technologies and capabilities, providing recommendations that strengthen protection of enterprise information assets.
• Collaborate with cybersecurity leadership to plan and execute initiatives that accelerate organizational security maturity and operational effectiveness.
• Support security governance efforts by maintaining procedures, standards, and technical documentation, and by participating in periodic risk assessments.

• Deep understanding of networking fundamentals, including TCP/IP, the OSI model, subnetting, routing and switching, load balancing concepts, and both local and wide area networking protocols.
• Experience configuring and triaging multiple host and server operating systems (Windows, macOS and Linux)
• Strong proficiency with application-layer protocols such as HTTP, SSH, SSL/TLS, and DNS, and how they impact security architecture and operations.
• Experience in hands‑on alert triage, ongoing monitoring, and investigation is a plus
• Advanced expertise in infrastructure design, management, and securing enterprise environments across servers, clients, users, networks, and data storage platforms.
• Extensive cloud security knowledge, including hands-on experience securing deployments in Microsoft Azure, AWS, and Google Cloud Platform, as well as containerized and Kubernetes-based environments, managed PaaS services, Agile, and DevOps ecosystems.
• Demonstrated ability to manage infrastructure and security controls through CI/CD pipelines and automated workflows, including scripting and automation using languages such as Python, Go, and JavaScript.
• Strong understanding of IT Service Management (ITSM) best practices, project management methodologies, and experience using UML design tools to document and communicate system designs.
• Familiarity with IR specific frameworks "i.e. NIST Incident Response Lifecycle and/or MITRE ATT&CK Framework"
• Commitment to staying current on evolving security and privacy legislation, regulations, vulnerabilities, advisories, and emerging threats.
• Excellent analytical skills with the ability to apply structured analysis methods to identify trends, assess risk, and evaluate business impact from complex datasets.
• Strong communication and leadership skills, including technical writing, documentation (Visio and Microsoft Office tools), mentoring junior engineers, and collaborating effectively across technical and non-technical teams.
• Demonstrated ability to think strategically, solve problems creatively, and approach challenges with an open, innovative, and detail-oriented mindset while maintaining effective planning, time management, and delegation skills.

• 3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent work experience strongly preferred

• One or more security and cloud related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS, AWS Certified DevOps Engineer - Professional, Microsoft Cybersecurity Architect, highly preferred