Job Specifications
Job Description
Hybrid work environment: 4 days onsite and 1 day remote
Why GM Financial Cybersecurity?
Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.
Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.
Responsibilities
About the Role:
The Senior Principal of Vulnerability Management is highly skilled and detail-oriented in the art of Cybersecurity Vulnerability Management. This role is responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across our IT infrastructure, business applications, and cloud environments. The ideal candidate must have a strong well rounded technical background in information technology, cybersecurity, vulnerability scanning tools, and risk assessment methodologies. The ideal candidate must be able to assess all vulnerability risks and accurately articulate and document for both technical and non-technical team members the risk level, impacts, and options for remediation and or mitigation of the risk.
In This Role, You Will
Support and influence technical direction for vulnerability and scanning supporting technology
Architect, build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines
Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities
Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)
Serve as a technical escalation point for vulnerability management and remediation efforts
Define, build and apply protective mitigations and work with engineering and infrastructure teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats
Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses
Examine disclosed vulnerabilities, threat scenarios, and mitigating controls to understand the potential impact on the organization
Provide specific recommendations for addressing and mitigating identified vulnerabilities, prioritizing effort based on factors such as risk, exposure, business impact, threat intelligence, and contextual data
Perform technical analysis of all scan results and provide a report of analysis as required
Reporting Structure
This role reports to: VP Cybersecurity
Qualifications
What makes you a dream candidate?
Experience with leading cross-functional and/or global initiatives from start to finish
Advanced knowledge of business acumen and a deep understanding of business implications of decisions
In-depth understanding of company values, mission, vision and strategic direction
Comprehensive knowledge of GM Financial’s business operations
Recognized as an expert across the business unit
Strong experience in threat modeling, secure design, and code review processes
Strong knowledge of Windows, Linux, Unix, and other operating system’s vulnerabilities and ways to stop them
Demonstrated knowledge in methods to protect against ransomware threats
Deep experience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)
Independent ability to aggregate and report on data, utilizing data visualization techniques
Robust experience securing hybrid/multi cloud environments (Azure, AWS)
Proven and verifiable record of building vulnerability tooling and automations integrated into workflows
Deep understanding of the vulnerability risk landscape and its impact on cyber threats
Strategic understanding and practical experience with vulnerability remediation priority
Demonstrated experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls in large, complex infrastructures
Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc).
Strong experience building and operating Vulnerability Management, Threat Intelligence, or other security programs
Experience with Python, REST, Node, SWL, and other popular coding languages.
Strong familiarity with computer networking operations, TCP/IP networking, ne