Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with the security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work.  As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries.  We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team. 

What makes you a dream candidate?

Advanced knowledge of networking concepts including TCP/IP, OSI model, routing, switching, and subnetting in hybrid and cloud environmentsStrong expertise in cloud infrastructure design, architecture, and management across Azure, AWS, or GCPDeep understanding of IT Service Management (ITSM) frameworks and their application in cloud operationsProven experience implementing cloud security solutions such as intrusion prevention, database activity monitoring and container security platformsSkilled in tuning cloud security tools and alerting systems to reduce noise and improve detection fidelityExperience collaborating across cybersecurity, DevOps, and cloud engineering teams to align security with business goalsStrong understanding of application-layer protocols (HTTP, SSH, SSL, DNS) and their security implications in cloud deploymentsUp-to-date knowledge of global cloud security and privacy regulations, advisories, and compliance requirementsDemonstrated ability to develop and maintain custom detection rules for cloud-native and third-party security toolsExperience working with Compliance and Legal teams to define cloud-specific detection and data protection requirementsSolid understanding of cloud service models (IaaS, PaaS, SaaS) and shared responsibility modelsHands-on experience securing workloads in Azure, AWS, or GCP, including identity, storage, and networking componentsProficiency in deploying and managing infrastructure using Infrastructure as Code (IaC) tools such as TerraformExperience securing containerized applications, Kubernetes clusters, and managed Kubernetes services (e.g., AKS, EKS, GKE)Experience working in Agile and DevOps environments with a focus on integrating security into CI/CD pipelinesProficiency with Linux-based systems and microservice architectures in cloud-native environmentsScripting and automation experience using Python, Go, Ruby, or similar languages for cloud security automationDemonstrated success in managing cloud security projects and initiativesStrategic thinker with strong communication skills and the ability to influence across technical and business teamsSkilled in analyzing cloud telemetry and logs to identify trends, anomalies, and potential threatsExperience with alternate access and management methods such as SSH, serial console, and cloud-native CLI toolsExpert-level knowledge of cloud security controls, frameworks (e.g., NIST CSF, ISO 27001), and best practicesAdvanced experience with network segmentation, virtual networking, and cloud-native firewalling

Experience and Education :

3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferredMinimum of 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferredBachelor’s Degree in related field or equivalent work experience strongly preferred
Licenses:One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, CPTS, is highly preferred
 

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Compensation: Competitive pay and bonus eligibility

Work Life Balance: Flexible hybrid work environment, 4-days a week onsite in one of our offices in the Dallas Fort-Worth metroplex
 

 

#LI-KC1

 

#GMFjobs

 

 

 

About the role:
The Sr Cybersecurity Engineer is responsible for developing, deploying, monitoring, tuning, evaluating, reporting, and maintaining systems and procedures; and to identify and mitigate threats to the corporate network, corporate assets, and corporate users.  This is not limited to on-premises as most activities involves cloud-based infrastructure.  This team member will identify core requirements, design and implement security technologies and work with stakeholders to perform ongoing tuning and alerting on those technologies. Security technologies will include but are not limited to: Building Cloud security guardrails, building Splunk queries and alerts, engineering and tuning policies and alerts, implementing various other cybersecurity related products in an enterprise environment.  This team member will be responsible for both technical implementation of systems and communication of security requirements to management and security leadership.  Additionally, this team member will be responsible, as necessary, with assisting in investigations into security threats.

Engineer, design, install and support security technologies such as Data Loss Prevention (DLP), Host Intrusion Prevention (HIPS), Security Incident and Event Managers (SIEM), Endpoint Security, Vulnerability Management (VM), Email Gateways, Breach Mitigation, Certificate Management, SSL encryption and decryption, Identity Management, Cloud Security, Database Security, Web GatewaysProactively identifies potential technologies to better secure enterprise information assetsUsing information from threat intelligence feeds, incident response and SIEM analysis, identifies and deploys custom rules and policies to security technologies to further protect information assetsWorks with cybersecurity management to develop and implement project plans to rapidly mature security initiativesParticipation in periodic information systems risk assessments, as well as emergency response team activities for responding to various security incidentsPrepare and update information procedures, standards and/or other technical requirement documentsDevelop detailed proposals and plans for new information security systems that would enhance or enable new capabilities for network or host systemsRecommends and evaluates security tools to identify more efficient and effective security measures