General Motors

Senior Cyber Threat Intelligence Analyst – Security Operations

General Motors

full-time

Posted on:

Location Type: Hybrid

Location: WarrenMissouriTexasUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

CloudCyber SecurityPythonServiceNowSplunkSQL

About the role

  • Collect, normalize, and analyze threat data from commercial feeds, deep/dark web, forums, ISACs, law enforcement partners, open sources, and internal telemetry on vulnerabilities, exploits, malware, and threat actors targeting connected vehicle, IT, HR, manufacturing and supply chain environments.
  • Produce clear, concise, and well-structured intelligence products (alerts, briefings, assessments, and dashboards) tailored to different audiences (SOC, executives, engineers, developers, and business stakeholders).
  • Maintain up‑to‑date awareness of adversary TTPs, emerging malware, ransomware trends, fraud schemes, and sector‑relevant developments (e.g., automotive, manufacturing, supply chain).
  • Shape prioritization of remediation and control improvements by clearly articulating risk, likely impact, and recommended actions.
  • Provide on‑call intelligence support for Security Operations, joining incident triage calls to contextualize alerts, prioritize actions, and recommend mitigations.
  • Enrich investigations and cases in tools such as MISP, OpenCTI, and ServiceNow with IOCs, threat group context, and likely courses of action.
  • Conduct ad hoc research and RFIs to support time-sensitive investigations, executive questions, and cross‑functional initiatives.
  • Build and maintain effective working relationships with internal stakeholders (Cyber Defense, Product Cybersecurity, Manufacturing, Third Party Cybersecurity, Legal, Red Team, etc.) and external partners (ISACs, vendors, and law enforcement as appropriate).
  • Participate in recurring threat intel updates, briefings, and working sessions; adapt messaging to technical and non‑technical audiences.
  • Gather feedback on intelligence products and services and use it to improve relevance, timeliness, and usability.
  • Contribute to the development and continuous improvement of intelligence workflows, SOPs, and playbooks, leveraging automation wherever feasible.
  • Use and help evolve key performance indicators (e.g., timeliness of IOC ingestion, pipeline health, customer satisfaction, and PIR coverage) to demonstrate measurable value from CTI.
  • Follow a requirements-driven approach to ensure intelligence production is aligned with Threat Intelligence Requirements (PIRs) and organizational risk.
  • Serve as a subject matter expert and mentor junior analysts, fostering a culture of continuous learning and technical excellence within GM’s security team.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related discipline; or equivalent combination of education and relevant experience.
  • 4+ years of experience in at least one of the following areas: Cyber threat intelligence, Incident response / detection engineering, Threat hunting, Security operations or closely related technical security roles.
  • Strong understanding of: Common adversary TTPs, intrusion kill chains, and MITRE ATT&CK.
  • Core network, endpoint, and cloud security concepts.
  • Cyber attack vectors, detection techniques, and common exploit patterns.
  • Demonstrated ability to research and analyze complex technical information and distill it into actionable, business‑relevant recommendations.
  • Write clear, concise intelligence products in English for both technical and executive audiences.
  • Work effectively in a fast‑paced environment, managing multiple concurrent priorities.
  • Demonstrated ability to prepare and deliver clear, concise, and accurate verbal briefings to both technical and non-technical stakeholders, including senior leadership, with a focus on actionable insights.
  • Experience with at least some of the following: Threat intelligence platforms and sharing tools (e.g., MISP, Recorded Future, VirusTotal).
  • SIEM / logging platforms (e.g., Google Secops, QRadar, Splunk, or equivalent).
  • Case management and ticketing systems (e.g., ServiceNow).
  • Basic scripting or data analysis (e.g., Python, SQL, Jupyter, or similar) for IOC processing and enrichment.
Benefits
  • From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
  • This job may be eligible for relocation benefits.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cyber threat intelligenceincident responsethreat huntingsecurity operationscommon adversary TTPsintrusion kill chainsMITRE ATT&CKnetwork securityendpoint securitycloud security
Soft Skills
analytical skillscommunication skillstime managementcollaborationmentoringadaptabilityproblem-solvingattention to detailclear writingpresentation skills