
Senior Cybersecurity Analyst – CMMC, DoD Compliance
General Motors
full-time
Location Type: Hybrid
Location: Warren • Missouri • Texas • United States
About the role
- Drive the overall governance for government programs.
- Execute annual self-assessments (Continuous Monitoring) on CMMC/NIST controls and document findings.
- Coordinate internal teams (IAM, cloud, infrastructure, SOC, endpoint, vulnerability management, application owners) to validate control implementation and operational effectiveness.
- Identify compliance gaps, manage security exceptions (POA&Ms), and drive remediation prior to audit or customer assessments.
- Lead CMMC readiness and sustainment activities for GM Defense programs, aligned to NIST SP 800‑171 and DoD expectations for CUI protection.
- Build and maintain assessment‑ready evidence packages (policies, procedures, configurations, logs, tickets, reports) aligned to CMMC and DFARS requirements.
Requirements
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent practical experience.
- 5+ years of cybersecurity experience in regulated or government‑contract environments.
- Experience supporting federally regulated cybersecurity requirements.
- Experience preparing for third‑party or government assessments.
- Ability to translate and communicate DoD cybersecurity requirements for application teams.
- Knowledge in the following areas:
  - Identity & Access Management (IAM): RBAC, least privilege, privileged access workflows, MFA, service accounts, access reviews, joiner/mover/leaver processes.
  - Windows & Linux security: GPO/Intune or equivalent, local admin controls, secure baselines (e.g., CIS-aligned), logging configuration, patch management, hardening validation.
  - Network security: segmentation concepts, firewall rulesets, VPN/ZTNA, secure remote administration, network device logging, NAC fundamentals, DNS security basics.
  - Endpoint security: EDR capabilities, alert triage/validation, policy enforcement, device encryption, removable media controls.
  - Vulnerability management: scan coverage, risk-based prioritization, remediation workflows, exception handling, validation reporting.
  - SIEM/logging: ability to define log requirements, validate ingestion/retention, produce audit-ready log evidence, and explain detections and response workflows.
- Practical experience with the following:
  - Working knowledge of FAR and DFARS cybersecurity clauses, including contractor responsibilities for safeguarding CUI and incident reporting.
  - Understanding of government system authorization concepts, shared responsibility models, and secure enclave design.
  - Experience supporting cybersecurity requirements within defense programs, manufacturing, engineering, or supply‑chain environments.
  - Experience with secure enclave design, CUI boundary segmentation, or regulated environments in automotive/manufacturing/supply chain contexts.
Benefits
- From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
Applicant Tracking System Keywords
Hard Skills & Tools
CMMC controls, NIST SP 800-171, Identity & Access Management (IAM), RBAC, MFA, Windows security, Linux security, Network security, Endpoint security, Vulnerability management
Soft Skills
communication, leadership, organizational, collaboration, problem-solving
Certifications
Bachelor’s degree in Cybersecurity, Bachelor’s degree in Information Systems, Bachelor’s degree in Computer Science