GM Financial

Senior Principal Cybersecurity Engineer, Incident Response

GM Financial, full-time

Location Type: Hybrid

Location: Arlington, Texas, United States

About the role

  • Actively participate in incident investigations, covering detection, containment, eradication, recovery, and post-incident reviews
  • Develop and enhance incident response tools, scripts, and frameworks to improve efficiency, accuracy, and scalability of detection, response and investigations
  • Conduct and enhance memory/network/host/cloud forensics, malware reverse-engineering, and automated triage
  • Create customized tactical and strategic remediation plans related to alerts and incidents identified inside the GMF landscape as well as identified in the wild
  • Convey analytical findings through finished technical reports post incident
  • Identify and codify attacker TTPs and IOCs, feeding them into detection pipelines and IR playbooks
  • Gather and analyze cybersecurity data, technology tools and risk systems to identify security exposures
  • Lead or participate in tabletop exercises, Purple Team sessions, and threat fencing simulation
  • Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or anomalous activity
  • Stay proactively ahead of the threat landscape—monitor zero-days, vulnerabilities, and advanced persistent threats

Requirements

  • Experience with leading cross-functional and/or global initiatives from start to finish
  • Advanced business acumen and a deep understanding of the business implications of decisions
  • In-depth understanding of company values, mission, vision and strategic direction
  • Comprehensive knowledge of GM Financial’s business operations
  • Recognized as an expert across the business unit
  • Experience building detection rules and associated
  • Experience with threat intelligence techniques and detection rules, and a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
  • Strong experience conducting or managing incident response investigations for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hacktivists
  • Strong ability to independently develop and implement risk hunting methodologies
  • Skilled in network, endpoint, memory, disk, and cloud forensics—with documented lead roles in complex investigations
  • Working knowledge of global cyber threats, threat actors, adversary tactics, techniques and procedures
  • Experience with TTPs, IOCs, and the MITRE ATT&CK and RE&ACT framework
  • Strong understanding of cloud incident response on platforms like Azure or AWS including working knowledge of how to implement logging and monitoring within them
  • Consistent experience with case management, following workflows, communicating incidents, and retrieving necessary data
  • Verifiably skilled in scripting to build or improve incident response
  • Demonstrated experience constructing and testing APIs
  • Experienced in NIST incident response roles and capabilities
  • Advanced knowledge of TCP/IP networking, OSI model and IP subnetting
  • Advanced knowledge of CI/CD and Detection as Code
  • Knowledge of analysis tools like Bro/Zeek or Suricata, Splunk SPL and ability to perform analysis of associated network logs
  • Strong understanding of secure network architecture and strong background in performing network operations
  • Strong technical understanding of application layer protocols including HTTP, SSH, SSL, and DNS and how they relate to cybersecurity
  • Technical knowledge of common network protocols and design patterns including TCP/IP, HTTPS, FTP, SFTP, SSH, RDP, CIFS/SMB, NFS
  • Advanced experience with Python, PowerShell, Bash, Jupyter and Anaconda, capable of writing modular code that can be installed on a remote system
  • Demonstrated capabilities in core data science principles
  • In-depth understanding of Windows operating systems and general knowledge of Unix, Linux, and Mac operating systems
  • Understanding of source code, hex, binary, regular expression, data correlation, and analysis such as network flow and system logs
  • Proficient with Yara and writing rules to detect similar malware samples
  • Knowledgeable of current malware techniques to evade detection and obstruct analysis
  • Understanding of the capabilities of static and dynamic malware analysis, and practical experience with static, dynamic, and automated malware analysis techniques
  • Experience writing malware reports
  • Experience with reverse engineering various file formats and analysis of complex malware samples

**Experience and Education:**

  • Bachelor's Degree or Associate Degree plus 2 years of relevant experience required
  • 12 years minimum experience in related functions
  • 5-7 years experience leading through mentorship in a related field
  • 5-7 years experience driving thought leadership and innovation across products
  • Relevant certifications or licenses preferred

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools: incident response, forensics, malware reverse-engineering, detection rules, risk hunting methodologies, network forensics, cloud forensics, scripting, API construction, data analysis

Soft Skills: leadership, communication, analytical thinking, cross-functional collaboration, business acumen, independent problem-solving, mentorship, innovation, strategic thinking, teamwork

Certifications: Bachelor's Degree, Associate Degree, relevant certifications