Sr Cybersecurity Engineer

Sr Cybersecurity Engineer – Incident Response

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

This position will be posted until filled.

Responsibilities

The Sr Cybersecurity Engineer – Incident Response will lead the detection, investigation, and response to complex cybersecurity threats, driving advanced incident response activities and enhancing security monitoring across a broad range of technologies. If you are looking to make a meaningful impact by applying your extensive cybersecurity experience to improve detection capabilities, guide response efforts, and strengthen the organization's overall security posture, GM Financial is the place to do it.

In this role you will:

• Participate in incident investigations, covering detection, containment, eradication, recovery, and post-incident reviews
• Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity
• Act as the senior escalation point for complex investigations, providing investigative direction and response strategy
• Develop and standardize incident response playbooks to improve consistency and efficiency
• Identify and codify attacker TTPs and IOCs, feeding them into detection pipelines and IR playbooks
• Stay current with evolving attack techniques and security technologies to design, build, and continuously refine cloud detections and alerts across Azure and Microsoft 365
• Participate in an on-call rotation to support timely response to security incidents outside of standard business hours

Qualifications

What makes you an ideal candidate?

• Knowledge of TCP/IP networking, OSI model and IP subnetting
• Knowledge of analysis tools like Bro/Zeek or Suricata, and ability to perform analysis of associated network logs
• Knowledge of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Knowledge of Windows operating systems and general knowledge of Unix, Linux, and Mac operating systems
• Knowledge of cloud incident response on platforms like Azure
• Hands-on experience responding to security incidents in cloud and on-prem environments
• Experience writing and optimizing Splunk queries for investigation and threat hunting across various data sources
• Ability to use scripting and automation to acquire evidence, investigate at scale, and accelerate response actions
• Experience translating investigations into repeatable response processes, documentation, and improvement opportunities for detection and prevention
• Demonstrated ability to communicate across multiple levels of stakeholders
• Ability to document and summarize technical evidence and findings
• Good interpersonal, verbal, and written communication skills across various mediums
• Detail oriented with good analytical skills and ability to formulate decisions based on evidence gathering
• Ability to exercise prudent judgment and offer knowledgeable recommendations
• Ability to work both independently and in a team environment
• Ability to manage multiple projects, tasks, and investigations
• Ability to work in sensitive situations
• Be a reputable representative of the department

Additional Knowledge and Skills

• Working effectively within an AI enabled environment:
• Ability to use AI tools (e.g., Microsoft Copilot) to support daily work
• Skills in evaluating AI outputs for accuracy, compliance, and bias
• Experience integrating AI into workflows to improve efficiency or insights
• Familiarity with AI assisted research, summarization, and content generation
• Understanding of responsible AI use, including ethics and data protection
• Work Experience & Education
• 3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent work experience strongly preferred
• Licenses and Certifications
• One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred

What We Offer:

Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture:

Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Compensation:

Competitive pay and bonus eligibility.

Work Life Balance:

Flexible hybrid work environment, 4-days a week in office.

NOTE: We are unable to consider candidates who require visa sponsorship for this position

This position is not open to agency submissions