Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
General Motors

Senior Cybersecurity Vulnerability Management Engineer

General Motors

Senior Cybersecurity Vulnerability Engineer protecting GM from cyber threats through vulnerability management and remediation strategies. Collaborating with various stakeholders and leading technical initiatives for cybersecurity.

Posted 6/14/2026full-timeWarren • Missouri • 🇺🇸 United StatesSeniorWebsite

Tech Stack

Tools & technologies
AWSAzureCloudCyber SecurityGoogle Cloud PlatformServiceNow

About the role

Key responsibilities & impact
  • Design, implement, and improve cybersecurity capabilities that protect GM’s risk domains.
  • Independently assess complex vulnerability and exposure risks.
  • Translate threat intelligence and technical findings into actionable remediation priorities.
  • Influence outcomes across infrastructure, cloud, application, manufacturing, and security stakeholder groups.
  • Solve diverse, non-standard security problems and translate broad challenges into implementable initiatives.
  • Drive delivery across teams through technical leadership, sound judgment, and influence.
  • Lead engineering, operational improvement, and continuous maturity of GM Vulnerability Management core services across enterprise infrastructure, client endpoints, multi-cloud, and AI security threat exposure domains.
  • Contribute to workflow integration and automation across detection, security unification tools, automated patching orchestration, and related platforms.
  • Mentor and provide technical leadership and consultative support to less experienced engineers and aligned remediation owners.

Requirements

What you’ll need
  • Bachelor’s degree in Cybersecurity, Computer Science, Engineering, Information Technology, or a related field, or equivalent practical experience.
  • Significant professional experience in cybersecurity engineering, vulnerability management, security operations, cloud security, infrastructure security, or related domains.
  • Proven expertise in Enterprise Data Center Infrastructure vulnerability management, including servers, network-attached infrastructure, virtualization, patch coordination, exception handling, and remediation prioritization for enterprise environments.
  • Proven expertise in client endpoint vulnerability management, including endpoint controls, patching, software and browser update compliance, detection coverage, and remediation at scale.
  • Proven expertise in multi-cloud vulnerability management across Azure, AWS, and GCP, including cloud workload exposure, misconfigurations, container image and runtime risks, and risk-based remediation workflows.
  • Proven expertise in AI security threat vulnerability management, including AI workload inventory, model supply chain risk, prompt injection, data leakage, model misuse, agent abuse scenarios, runtime behavior review, and control validation.
  • Experience correlating vulnerability findings with business, asset, identity, telemetry, network, SBOM, and threat-intelligence context to support risk-based prioritization and exploitability-focused decision-making.
  • Experience with enterprise vulnerability management platforms, scanners, and workflow tooling such as Qualys, Tenable, Wiz, ServiceNow or comparable platforms.
  • Strong understanding of remediation governance, exception management, dashboarding, metrics, and continuous improvement within a mature vulnerability management program.
  • Demonstrated ability to work independently, exercise strong judgment, and deliver results with minimal guidance.
  • Proven ability to solve complex, ambiguous problems using structured analysis and innovative approaches.
  • Experience leading initiatives that span multiple teams, stakeholders, or technical domains.
  • Strong communication and influence skills, including the ability to present recommendations supported by data and analysis.
  • Commitment to protecting sensitive information, speaking up about risks, and operating with integrity.
  • Demonstrated ability to run an end-to-end vulnerability intelligence workflow for a high-profile CVE, from initial awareness through intelligence collection, environmental relevance scoping, contextual scoring, and tailored outputs for executive and technical stakeholders.
  • Strong judgment in risk-based prioritization beyond CVSS, including the ability to weigh EPSS, CISA KEV status, active exploitation, exploit maturity, asset criticality, internet exposure, and compensating controls to assign and defend a GM-specific priority.
  • Ability to assess exploitability when public information is incomplete by reasoning through attack complexity, required privileges, user interaction, environmental preconditions, and the effectiveness of the control stack, then updating recommendations as PoCs and tooling emerge.
  • Experience mapping newly disclosed vulnerabilities to complex enterprise environments spanning multiple operating systems, cloud platforms, infrastructure, and third-party products using CMDB, scanner outputs, SBOMs, cloud inventories.
  • Strong written and verbal communication skills for producing high-quality vulnerability briefs that clearly summarize impact, affected assets, exploit likelihood, recommended actions, and remediation timelines for different audiences.
  • Experience designing or improving a vulnerability intelligence pipeline, including source ingestion, normalization, deduplication, enrichment with internal context, scoring, and publishing into tickets, dashboards, SOC workflows, and leadership updates.
  • Proven ability to respond to high-impact 0-days in critical third-party products by rapidly validating noisy intelligence, scoping exposure, recommending interim mitigations, and structuring updates during the first 24 to 72 hours.
  • Ability to reconcile conflicting vulnerability data across vendors, scanners, commercial feeds, internal observations, document rationale, and establish a defensible environment-specific rating.
  • Experience defining and using leadership metrics and dashboards that combine scanner, CMDB, ticketing, and threat-intelligence data to track remediation urgency, business exposure, and time-to-remediate.
  • Strong partnership skills with SOC and incident response teams to translate vulnerability intelligence into targeted detection, containment, remediation, and post-incident scoring improvements.
  • Technical depth to interpret exploit code, TTPs, and attacker tradecraft when needed, and adjust recommendations when practical exploitability differs from initial assumptions.
  • Knowledge of the regulatory landscape and intricacies related to industry cybersecurity standards and best practices (examples include: NIST CSF, SSDF, NIST 800-53, ISO 270001/2, ISO/IEC 15.x.x, NHTSA Best Practices, ISO/SAE 21434, SOC2, etc) and state privacy laws.
  • Experience with policy/standard process creation and acceptance.

Benefits

Comp & perks
  • Health insurance
  • Paid time off
  • Flexible work arrangements
  • Professional development opportunities

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cybersecurity engineeringvulnerability managementsecurity operationscloud securityinfrastructure securityendpoint vulnerability managementmulti-cloud vulnerability managementAI security threat vulnerability managementrisk-based prioritizationexploitability assessment
Soft Skills
technical leadershipstrong judgmentproblem-solvingcommunication skillsinfluence skillsindependent workmentoringcollaborationanalytical thinkingcommitment to integrity