Principal Cybersecurity Engineer, Threat and Vulnerability

Hybrid work environment: 4 days onsite and 1 day remote

Why GM Financial Cybersecurity?

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive. 

About the Role:

The Principal of Vulnerability Management is highly skilled and detail-oriented in the art of Cybersecurity Vulnerability Management. This role is responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across our IT infrastructure, business applications, and cloud environments. The ideal candidate must have a strong technical background in information technology, cybersecurity, vulnerability scanning tools, and risk assessment methodologies.  The ideal candidate must be able to assess all vulnerability risks and accurately articulate and document for both technical and non-technical team members the risk level, impacts, and options for remediation and or mitigation of the risk.

In this role, you will:

• Support technical direction for vulnerability and scanning supporting technology
• Build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines
• Monitor and assess the company's cybersecurity risks and implement mitigation strategies to address vulnerabilities  
• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including  vulnerability scans in support of operational matters (non-scheduled)
• Serve as a technical escalation point for vulnerability management and remediation efforts
• Build and apply protective mitigations teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats
• Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses
• Examine disclosed vulnerabilities, threat scenarios, and mitigating controls  
• Implement technical recommendations for addressing and mitigating identified vulnerabilities  
• Perform technical analysis of all scan results and provide a report of analysis as required

Reporting Structure:

This role reports to : VP Cybersecurity 
 

What Makes You A Dream Candidate?

• Experience with leading initiatives from start to finish
• Strong knowledge of business acumen and a deep understanding of business implications of decisions
• Recognized as a subject matter expert in area(s) of specialty
• Experience in threat modeling, secure design, and code review processes
• Demonstrated knowledge of Windows, Linux, Unix, and other operating system's vulnerabilities and ways to stop and/or mitigate
• Demonstrated Knowledge on how to protect against ransomware threats
• Experience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)
• Ability to aggregate and report on data, utilizing data visualization techniques  
• Experience securing hybrid/multi cloud environments (Azure, AWS)
• Experience building vulnerability tooling and automations integrated into workflows
• Understanding of the vulnerability risk landscape and its impact on cyber threats
• Working experience prioritizing vulnerability remediation  
• Experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls  
• Experience building and operating Vulnerability Management, Threat Intelligence, or other security programs  
• Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc).
• Experience with Python, REStREST, Node, SWL, and understanding of one or more VM scanners and other popular coding languages
• Familiarity of computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
• Familiarity with TCP/IP networking
• Comfortability with DevSecOps and Comfortability with CI/CD methodologies and container security
• Familiarity with securing container-based systems (Docker, Kubernetes, etc)
• Understanding of CVE, CVSS scoring, CWE, MitRE ATT&CK Framework, threat intelligence, and CISA
• Possess strong analytical, written, and verbal communication and documentation skills. 

Experience and Education:

• Greater than 10 years of experience in related function required
• 3-5 years of experience leading through mentorship in related field required
• 3-5 years of experience leading projects and initiatives through influence required
• High School Diploma or equivalent required
• Associate's Degree or High School Diploma plus 2 additional years of related experience required
• Related certifications and/or licenses required
• Member of and recommendation by accredited association in related field preferred

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Compensation: Competitive salary and bonus eligibility;

Work Life Balance: Flexible hybrid work environment, 4-days a week in office
 

#LI-hybrid

#GMFjobs

#LI-KC1