Job Specifications
Job Description
Hybrid work environment: 4 days onsite and 1 day remote
Why GM Financial Cybersecurity?
Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.
Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.
Responsibilities
About the Role:
GM Financial is seeking a Senior Principal Cybersecurity Engineer to join our Incident Response team! As a technical leader and subject matter expert for assigned business unit, the Senior Principal will be a key influencer in the achievement of strategic alignment and provide a positive impact on business value. The Senior Principal will work with leaders in the business unit to identify initiatives with high impact which drive the business strategy forward. The person in this role is also expected to be an energetic, dynamic and innovative leader and influencer, acting as an avid promoter of process improvement to enhance productivity and performance of assigned business area. The Senior Principal is an established and recognized figure both internally and externally. This person will represent GM Financial in the broader community and serve as a de-facto ambassador for the organization. It will be important for the Senior Principal to maintain a strong network in the community and represent GM Financial well.
In This Role, You Will
Actively participate in incident investigations, covering detection, containment, eradication, recovery, and post-incident reviews
Develop and enhance incident response tools, scripts, and frameworks to improve efficiency, accuracy, and scalability of detection, response and investigations
Conduct and enhance memory/network/host/cloud forensics, malware reverse-engineering, and automated triage
Create customized tactical and strategic remediation plans related to alerts and incidents identified inside the GMF landscape as well as identified in the wild
Convey analytical findings through finished technical reports post incident
Identify and codify attacker TTPs and IOCs, feeding them into detection pipelines and IR playbooks
Gather and analyze cybersecurity data, technology tools and risk systems to identify security exposures
Lead or participate in tabletop exercises, Purple Team sessions, and threat fencing simulation
Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or anomalous activity
Stay proactively ahead of the threat landscape—monitor zero-days, vulnerabilities, and advanced persistent threats
Reporting Structure
This role reports to: VP Cybersecurity Strategy and Operations
Qualifications
What makes you a dream candidate?
Experience with leading cross-functional and/or global initiatives from start to finish
Advanced knowledge of business acumen and a deep understanding of business implications of decisions
In-depth understanding of company values, mission, vision and strategic direction
Comprehensive knowledge of GM Financial’s business operations
Recognized as an expert across the business unit
Experience building detection rules and associated
Experience with threat intelligence techniques and detection rules, and a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
Strong experience conducting or managing incident response investigations for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hacktivists
Strong ability to independently develop and implement risk hunting methodologies
Skilled in network, endpoint, memory, disk, and cloud forensics—with documented lead roles in complex investigations
Working knowledge of global cyber threats, threat actors, adversary tactics, techniques and procedures
Experience with TTPs, IOCs, and the MITRE ATT&CK and RE&ACT framework
Strong understanding of cloud incident response on platforms like Azure or AWS including working knowledge of how to implement logging and monitoring within them
Consistent experience on case management, following workflows, communicating incidents, and retrieving necessary data
Verifiably skilled in scripting to build or improve incident response
Demonstrated experience constructing and