GM Financial

Principal Cybersecurity Engineer – Threat and Vulnerability

GM Financial

full-time

Posted on:

Location Type: Hybrid

Location: IrvingTexasUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Lead

Tech Stack

AWSAzureCloudCyber SecurityDockerKubernetesLinuxNode.jsPythonTCP/IPUnix

About the role

  • Support technical direction for vulnerability and scanning supporting technology
  • Build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines
  • Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities
  • Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)
  • Serve as a technical escalation point for vulnerability management and remediation efforts
  • Build and apply protective mitigations teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats
  • Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses
  • Examine disclosed vulnerabilities, threat scenarios, and mitigating controls
  • Implement technical recommendations for addressing and mitigating identified vulnerabilities
  • Perform technical analysis of all scan results and provide a report of analysis as required

Requirements

  • Greater than 10 years of experience in related function required
  • 3-5 years of experience leading through mentorship in related field required
  • 3-5 years of experience leading projects and initiatives through influence required
  • High School Diploma or equivalent required
  • Associate's Degree or High School Diploma plus 2 additional years of related experience required
  • Related certifications and/or licenses required
  • Member of and recommendation by accredited association in related field preferred
  • Experience with leading initiatives from start to finish
  • Strong knowledge of business acumen and a deep understanding of business implications of decisions
  • Strong understanding of company values, mission, vision and strategic direction
  • Thorough knowledge of GM Financial’s business operations
  • Recognized as a subject matter expert in area(s) of specialty
  • Experience in threat modeling, secure design, and code review processes
  • Demonstrated knowledge of Windows, Linux, Unix, and other operating system’s vulnerabilities and ways to stop and/or mitigate
  • Demonstrated Knowledge on how to protect against ransomware threats
  • Experience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)
  • Ability to aggregate and report on data, utilizing data visualization techniques
  • Experience securing hybrid/multi cloud environments (Azure, AWS)
  • Experience building vulnerability tooling and automations integrated into workflows
  • Understanding of the vulnerability risk landscape and its impact on cyber threats
  • Working experience prioritizing vulnerability remediation
  • Experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls
  • Experience building and operating Vulnerability Management, Threat Intelligence, or other security programs
  • Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc).
  • Experience with Python, REStREST, Node, SWL, and understanding of one or more VM scanners and other popular coding languages
  • Familiarity of computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
  • Familiarity with TCP/IP networking
  • Comfortability with DevSecOps and Comfortability with CI/CD methodologies and container security
  • Familiarity with securing container-based systems (Docker, Kubernetes, etc)
  • Understanding of CVE, CVSS scoring, CWE, MitRE ATT&CK Framework, threat intelligence, and CISA
  • Possess strong analytical, written, and verbal communication and documentation skills.
Benefits
  • Generous benefits package available on day one to include: 401K matching
  • bonding leave for new parents (12 weeks, 100% paid)
  • training
  • GM employee auto discount
  • community service pay
  • nine company holidays
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
vulnerability detectionvulnerability assessmentthreat modelingsecure designcode reviewvulnerability managementapplication security testingsecure coding practicesPythonAWS
Soft Skills
mentorshipleadershipbusiness acumenanalytical skillscommunication skillsdocumentation skillsinfluencestrategic directionproblem-solvingteam collaboration
Certifications
related certificationsaccredited association membership