Hybrid work environment: 4 days onsite and 1 day remote
Why GM Financial Cybersecurity?
The GMF Cybersecurity team is tasked with the security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
What Makes You A Dream Candidate?
Experience with leading initiatives from start to finishStrong knowledge of business acumen and a deep understanding of business implications of decisionsStrong understanding of company values, mission, vision and strategic directionThorough knowledge of GM Financials' business operationsRecognized as a subject matter expert in area(s) of specialtyExperience in threat modeling, secure design, and code review processesDemonstrated knowledge of Windows, Linux, Unix, and other operating system’s vulnerabilities and ways to remediate and/or mitigateDemonstrated knowledge in methods to protect against ransomware threatsExperience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)Ability to aggregate and report on data, utilizing data visualization techniquesExperience securing hybrid/multi cloud environments (Azure, AWS)Experience building vulnerability tooling and automations integrated into workflowsUnderstanding of the vulnerability risk landscape and its impact on cyber threatsWorking experience prioritizing vulnerability remediation
Experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controlsExperience building and operating Vulnerability Management, Threat Intelligence, or other security programsKnowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc).Experience with Python, REST, Node, SWL, and other popular coding languagesFamiliarity of computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.Comfortability with DevSecOps and CI/CD methodologiesFamiliarity with securing container-based systems (Docker, Kuberntes, etc)Understanding of CVE, CVSS scoring, CWE, MitRE ATT&CK Framework, threat intelligence, and CISAPossess strong analytical, written, and verbal communication and documentation skills.
Experience:
Related certifications and/or licenses requiredMember of and recommendation by accredited association in related field preferred Greater than 10 years in related function required3-5 years leading through mentorship in related field required3-5 years leading projects and initiatives through influence requiredHigh School Diploma or equivalent requiredAssociate Degree or High School Equivalent plus 2 additional years of related experience required
What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), training, GM employee auto discount, community service pay and nine company holidays.
Our Culture: Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.
Compensation: Competitive salary and bonus eligibility
Work Life Balance: Flexible hybrid work environment, 4-days a week in office
#LI-hybrid
#GMFjobs
#LI-KC1
About the Role:
The Principal of Vulnerability Management is highly skilled and detail-oriented in the art of Cybersecurity Vulnerability Management. This role is responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across our IT infrastructure, business applications, and cloud environments. The ideal candidate must have a strong technical background in information technology, cybersecurity, vulnerability scanning tools, and risk assessment methodologies. The ideal candidate must be able to assess all vulnerability risks and accurately articulate and document for both technical and non-technical team members the risk level, impacts, and options for remediation and or mitigation of the risk.
In this role, you will:
Support technical direction for vulnerability and scanning supporting technologyBuild and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelinesMonitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilitiesConduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)Serve as a technical escalation point for vulnerability management and remediation effortsBuild and apply protective mitigations teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threatsInterpret complex data from vulnerability scans to pinpoint potential security risks and weaknessesExamine disclosed vulnerabilities, threat scenarios, and mitigating controlsImplement technical recommendations for addressing and mitigating identified vulnerabilitiesPerform technical analysis of all scan results and provide a report of analysis as required