Principal Cybersecurity Engineer, Threat and Vulnerability

About The Position

Requirements

• Experience with leading initiatives from start to finish
• Strong knowledge of business acumen and a deep understanding of business implications of decisions
• Strong understanding of company values, mission, vision and strategic direction
• Thorough knowledge of GM Financial’s business operations
• Recognized as a subject matter expert in area(s) of specialty
• Experience in threat modeling, secure design, and code review processes
• Demonstrated knowledge of Windows, Linux, Unix, and other operating system’s vulnerabilities and ways to stop and/or mitigate
• Demonstrated Knowledge on how to protect against ransomware threats
• Experience building and utilizing highly scalable platforms and tools (e.g., Vulnerability scanners, detection pipelines, analytics systems)
• Ability to aggregate and report on data, utilizing data visualization techniques
• Experience securing hybrid/multi cloud environments (Azure, AWS)
• Experience building vulnerability tooling and automations integrated into workflows
• Understanding of the vulnerability risk landscape and its impact on cyber threats
• Working experience prioritizing vulnerability remediation
• Experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls
• Experience building and operating Vulnerability Management, Threat Intelligence, or other security programs
• Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc).
• Experience with Python, REStREST, Node, SWL, and understanding of one or more VM scanners and other popular coding languages
• Familiarity of computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
• Familiarity with TCP/IP networking
• Comfortability with DevSecOps and Comfortability with CI/CD methodologies and container security
• Familiarity with securing container-based systems (Docker, Kubernetes, etc)
• Understanding of CVE, CVSS scoring, CWE, MitRE ATT&CK Framework, threat intelligence, and CISA
• Possess strong analytical, written, and verbal communication and documentation skills.
• Greater than 10 years of experience in related function required
• 3-5 years of experience leading through mentorship in related field required
• 3-5 years of experience leading projects and initiatives through influence required
• High School Diploma or equivalent required
• Associate's Degree or High School Diploma plus 2 additional years of related experience required
• Related certifications and/or licenses required

Nice To Haves

• Member of and recommendation by accredited association in related field preferred

Responsibilities

• Support technical direction for vulnerability and scanning supporting technology
• Build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines
• Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities
• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets, including vulnerability scans in support of operational matters (non-scheduled)
• Serve as a technical escalation point for vulnerability management and remediation efforts
• Build and apply protective mitigations teams to integrate fixes upstream, and to support remediation efforts to close vulnerability exposure to new threats
• Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses
• Examine disclosed vulnerabilities, threat scenarios, and mitigating controls
• Implement technical recommendations for addressing and mitigating identified vulnerabilities
• Perform technical analysis of all scan results and provide a report of analysis as required

Benefits

• Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), training, GM employee auto discount, community service pay and nine company holidays.
• Competitive salary and bonus eligibility
• Flexible hybrid work environment, 4-days a week in office