GM Financial

Senior Principal Cybersecurity Engineer, Threat and Vulnerability

full-time

Location Type: Hybrid

Location: Irving, Texas, United States

About the role

  • Support and influence technical direction for vulnerability and scanning supporting technology
  • Architect, build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines
  • Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities
  • Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)
  • Serve as a technical escalation point for vulnerability management and remediation efforts
  • Define, build and apply protective mitigations and work with engineering and infrastructure teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats
  • Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses
  • Examine disclosed vulnerabilities, threat scenarios, and mitigating controls to understand the potential impact on the organization
  • Provide specific recommendations for addressing and mitigating identified vulnerabilities, prioritizing effort based on factors such as risk, exposure, business impact, threat intelligence, and contextual data
  • Perform technical analysis of all scan results and provide a report of analysis as required

Requirements

  • Experience with leading cross-functional and/or global initiatives from start to finish
  • Advanced knowledge of business acumen and a deep understanding of business implications of decisions
  • In-depth understanding of company values, mission, vision and strategic direction
  • Comprehensive knowledge of GM Financial’s business operations
  • Recognized as an expert across the business unit
  • Strong experience in threat modeling, secure design, and code review processes
  • Strong knowledge of vulnerabilities in Windows, Linux, Unix, and other operating systems, and ways to stop them
  • Demonstrated knowledge in methods to protect against ransomware threats
  • Deep experience building and utilizing highly scalable platforms and tools (e.g., vulnerability scanners, detection pipelines, analytics systems)
  • Independent ability to aggregate and report on data, utilizing data visualization techniques
  • Robust experience securing hybrid/multi cloud environments (Azure, AWS)
  • Proven and verifiable record of building vulnerability tooling and automations integrated into workflows
  • Deep understanding of the vulnerability risk landscape and its impact on cyber threats
  • Strategic understanding and practical experience with vulnerability remediation priority
  • Demonstrated experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls in large, complex infrastructures
  • Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc.)
  • Strong experience building and operating Vulnerability Management, Threat Intelligence, or other security programs
  • Experience with Python, REST, Node, SQL, and other popular coding languages.
  • Strong familiarity with computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
  • Demonstrated experience with DevSecOps and CI/CD methodologies
  • Strong understanding of securing container-based systems (Docker, Kubernetes, etc.)
  • Working understanding of CVE, CWE, CVSS scoring, MITRE ATT&CK Framework, threat intelligence, and CISA
  • Possess excellent analytical, written, and verbal communication and documentation skills.
  • Bachelor's Degree or Associate Degree plus 2 years of relevant experience required
  • 12 years minimum experience in related functions
  • 5-7 years experience leading through mentorship in a related field
  • 5-7 years experience driving thought leadership and innovation across products
  • Relevant certifications or licenses preferred