Principal Cybersecurity Engineer, Incident Response
GM Financial
full-time
Location Type: Hybrid
Location: Arlington • Texas • United States
About the role
- Participate in incident investigations, covering detection, containment, eradication, recovery, and post-incident reviews
- Enhance incident response tools, scripts, and frameworks to improve efficiency, accuracy, and scalability of detection, response and investigations
- Conduct memory/network/host/cloud forensics, malware reverse-engineering, and automated triage
- Create customized tactical and strategic remediation plans related to alerts and incidents identified inside the GMF landscape as well as identified in the wild
- Produce analytical findings through technical reports post incident
- Identify and codify attacker TTPs and IOCs, feeding them into detection pipelines and IR playbooks
- Gather and analyze cybersecurity data, technology tools and risk systems to identify security exposures
- Participate in tabletop exercises, Purple Team sessions, and threat fencing simulation
- Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or anomalous activity
- Stay ahead of the threat landscape: monitor zero-days, vulnerabilities, and advanced persistent threats
Requirements
- Experience with threat intelligence techniques, detection rules, and a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
- Experience conducting or managing incident response investigations for organizations, investigating targeted threats such as Advanced Persistent Threats, Organized Crime, and Hacktivists
- Proven ability to develop and implement risk hunting methodologies
- Experience with network, endpoint, memory, disk, and cloud forensics
- Knowledge of global cyber threats, threat actors, adversary tactics, techniques and procedures
- Familiarity with TTPs, IOCs, and the MITRE ATT&CK and RE&ACT framework
- Understanding of cloud incident response on platforms like Azure or AWS, including knowledge of how to implement logging and monitoring in them
- Experience with case management, following workflows, communicating incidents, and retrieving necessary data
- Skilled in scripting to build or improve incident response tooling
- Ability to construct and test APIs
- Knowledge of NIST incident response roles and capabilities
- Demonstrated knowledge of TCP/IP networking, OSI model and IP subnetting
- Demonstrated knowledge of CI/CD and Detection as Code
- Knowledge of analysis tools like Bro/Zeek or Suricata, Splunk SPL and ability to perform analysis of associated network logs
- Understanding of secure network architecture and strong background in performing network operations
- Technical understanding of application layer protocols including HTTP, SSH, SSL, and DNS and how they relate to cybersecurity
- Technical knowledge of common network protocols and design patterns including TCP/IP, HTTPS, FTP, SFTP, SSH, RDP, CIFS/SMB, NFS
- Experience with Python, PowerShell, Bash, Jupyter and Anaconda, capable of writing modular code that can be installed on a remote system
- Capabilities in core data science principles
- In-depth understanding of Windows operating systems and general knowledge of Unix, Linux, and Mac operating systems
- Understanding of source code, hex, binary, regular expressions, data correlation, and analysis of data such as network flows and system logs
- Proficient with YARA and writing rules to detect similar malware samples
- Knowledgeable about current malware techniques used to evade detection and obstruct analysis
- Understanding of the capabilities of static and dynamic malware analysis, and practical experience with static, dynamic, and automated malware analysis techniques
- Experience writing malware reports
- Experience with reverse engineering various file formats and analysis of complex malware samples