Cybersecurity Engineer

Cybersecurity Engineer – Incident Response Detection Engineer

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

This position will be posted until filled.

Responsibilities

The Cybersecurity Engineer – Incident Response Detection Engineer is responsible for designing proactive defenses that keep us ahead of evolving cyber threats. In this role, you'll leverage SIEM analytics and detection engineering techniques to craft precise detection rules, optimize log analysis, and identify anomalous activity using a wide variety of tooling across on-prem and cloud environments. Security technologies may include but are not limited to: Data Loss Prevention (DLP), Security Incident Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Intrusion Detections System (IDS)/Intrusion Prevention System (IPS), Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR), Network Detection and Response (NDR), Security Orchestration, Automation and Response (SOAR), and Web and Email Security Tooling.

In this role you will:

• Develop and maintain detection rules at source and within a SIEM to identify anomalous behaviors, suspicious activity, and emerging threats across on-prem and cloud environments
• Manage, filter, and correlate high-volume telemetry from multiple sources to produce actionable insights
• Align detection engineering efforts with CSIRT operational goals, ensuring seamless integration with incident response workflows and Detection as Code (DaC) Pipelines
• Continuously improve alert fidelity by tuning detection logic and reducing false positives
• Perform threat hunting and detection gap analysis to proactively identify coverage gaps and strengthen detection capabilities
• Investigate security incidents from detection to resolution, engaging in any containment, eradication and recovery actions as needed
• Conduct purple teaming exercises and analyze resulting log activity to validate detection coverage and identify gaps
• Collaborate with our threat intelligence team to incorporate emerging indicators and TTPs into detection strategies
• Document detection logic, tuning, playbooks and validation results for transparency, auditability, and knowledge sharing
• Stay current with evolving attack techniques and security technologies to adapt detection strategies accordingly
• Participate in an on ‑ call rotation as needed to support timely response to security incidents outside of standard business hours

Qualifications

What makes You an ideal candidate?

Knowledge and Skills

• Strong technical skills and hands on experience in Cybersecurity Defensive Operations as it relates to alert triage, on-going monitoring, detection, investigation, and incident response activities
• Understanding of Cybersecurity concepts such as SIEM analytics, Endpoint security, Network security, Cloud security, Data Loss Prevention/Data Privacy, and Web/Email security
• Practical understanding of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Demonstrate familiarity with AI and large language models (LLMs) and their application in cybersecurity, including how they can support threat detection, analysis, and decision ‑ making
• Strong knowledge of the OSI model and security that is associated with each layer
• Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux/Mac, web/email traffic fundamentals, and using a command line interface (CLI)
• Practical understanding of cloud providers, technologies, and concepts
• Understanding of Agile, CI/CD, and DevOps environments
• Experience with scripting languages such as Python or PowerShell
• Demonstrated ability to communicate across multiple levels of stakeholders
• Ability to document and summarize technical evidence and findings
• Good interpersonal, verbal, and written communication skills across various mediums
• Detail oriented with good time and analytical skills
• Ability to exercise prudent judgment and offer knowledgeable recommendations
• Ability to work both independently and in a team environment
• Ability to manage multiple projects, tasks, and investigations
• Ability to work in sensitive situations
• Be a reputable representative of the department
• Attention to detail and ability to formulate decisions based on evidence gathering

Education & Work Experience

• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent work experience strongly preferred
• 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• 1-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred

Licenses and Certifications

• One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred

What We Offer : Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Compensation: Competitive pay and bonus eligibility.

Work Life Balance: Flexible hybrid work environment, 4-days a week in office.

NOTE: We are unable to consider candidates who require visa sponsorship for this position

This position is not open to agency submissions

Job Info

• Job Identification 260063
• Job Category Technology
• Posting Date 05/18/2026, 11:52 AM
• Job Schedule Full time
• Locations 4001 Embarcadero, Arlington, TX, 76014, US (Hybrid)