GM Financial

Senior Cybersecurity Engineer

GM Financial

full-time

Posted on:

Location Type: Hybrid

Location: IrvingTexasUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AWSAzureCloudCyber SecurityDNSFirewallsGoogle Cloud PlatformKubernetesMicroservicesPythonTCP/IPTerraform

About the role

  • Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security.
  • Design and implement security solutions with emphasis on:
  • Vulnerability Management (VM) platforms and processes
  • Application Security tools (SAST, DAST, IAST)
  • Web Application Firewalls (WAF)
  • Secure coding practices and CI/CD pipeline integration
  • Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts.
  • Utilize Qualys VMDR to perform automated and on-demand vulnerability scans across infrastructure, applications, and cloud environments
  • Analyze scan results, assess risk, and collaborate with system owners to prioritize and remediate vulnerabilities
  • Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies.
  • Create and present remediation progress, security metrics, vulnerability trends, and risk reports to leadership.
  • Participate in incident response activities, providing technical expertise for application-related security incidents.
  • Conduct periodic risk assessments for applications and supporting infrastructure.
  • Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities.
  • Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security.

Requirements

  • Deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies.
  • Hands-on experience with Qualys VMDR, including asset discovery, authenticated scanning, vulnerability assessment, and reporting.
  • Strong knowledge of vulnerability lifecycle management
  • Ability to interpret Qualys findings and translate technical vulnerabilities into actionable remediation guidance for technical and non-technical stakeholders.
  • Familiarity with container security, Kubernetes, and cloud-native application security.
  • Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation).
  • Proficiency in scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows.
  • Solid understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS).
  • Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10).
  • Strong analytical skills for interpreting vulnerability data and assessing business impact.
  • Excellent communication skills for collaborating with developers, operations teams, and leadership.
  • Ability to think strategically, innovate, and implement scalable security solutions.
  • Experience with CI/CD security integration and automated vulnerability scanning.
  • Familiarity with microservices architecture and securing APIs.
  • Knowledge of threat modeling and risk assessment methodologies.
  • Bachelor’s Degree in related field or equivalent work experience strongly preferred
  • High School Diploma or equivalent required
  • 3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
  • 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
  • Cybersecurity related certifications strongly preferred
Benefits
  • Generous benefits package available on day one to include: 401K matching
  • bonding leave for new parents (12 weeks, 100% paid)
  • tuition assistance
  • training
  • GM employee auto discount
  • community service pay
  • nine company holidays
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
vulnerability managementapplication securitySASTDASTIASTWeb Application Firewallssecure coding practicesCI/CD pipeline integrationvulnerability assessmentspenetration testing
Soft Skills
analytical skillscommunication skillsstrategic thinkinginnovationcollaboration
Certifications
NIST CSFISO 27001OWASP Top 10Cybersecurity related certifications