About The Position

The Role

GM’s Cybersecurity Team safeguards the company’s global information assets, networks, and infrastructure. Our mission is to proactively defend GM against evolving cyber threats through strategic leadership, technical excellence, and innovative risk management. We seek cybersecurity professionals with advanced expertise, capable of driving enterprise security initiatives and influencing organizational resilience.

As a Staff Cyber Detection Incident Analyst on GM’s Security Operations team, you will serve as a technical leader responsible for designing and advancing the enterprise’s cyber detection strategy across a global, hybrid environment. You will leverage deep expertise in endpoint, network, identity, cloud, application, SaaS telemetry and product data to identify advanced threats, improve visibility, and enhance the detection ecosystems that protect GM’s critical assets.

In this role, you will lead complex investigations, architect and optimize detection logic across SIEM, EDR, NDR, SOAR, cloud-native platforms and products, and integrate intelligence-driven analytics that raise GM’s defensive maturity. You will work cross-functionally with engineering, cloud, response, identity, application, and threat intelligence teams to evolve detection architecture, strengthen observability, and ensure GM maintains resilient, scalable, and modernized detection capabilities.

This position requires exceptional technical depth, the ability to drive detection roadmaps, influence enterprise tooling strategy, and mentor peers. You will help integrate emerging technologies—including large-scale analytics, automation, and AI—to reduce operational friction, accelerate threat detection, and elevate the maturity of GM’s global security operations.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience.
  • 8+ years of experience in cybersecurity with specialization in detection engineering, SOC operations, incident response, threat hunting, or intrusion detection.
  • Demonstrated ability to lead complex investigations and drive detection improvements at enterprise scale.
  • Strong analytical skills with the ability to interpret large, complex datasets and communicate findings to both technical and executive audiences.
  • Advanced experience with EDR/XDR, SIEM, NDR, identity protection platforms, cloud-native and SaaS security tools.
  • Experience with vehicle security, embedded systems security, or in-vehicle telemetry.
  • Experience supporting manufacturing or OT security environments.
  • Strong understanding of application security, runtime observability, CI/CD pipelines, and API abuse detection techniques.
  • Hands-on scripting experience (Python, PowerShell, KQL, etc.) to enrich detections and automate investigative workflows.
  • Deep experience with network security monitoring, packet analysis, and intrusion detection methodologies.
  • Proven experience detecting and responding to threats in cloud environments (Azure, AWS, GCP).
  • Demonstrated success mentoring analysts/peers and excellence working effectively in a collaborative team environment.
  • Expert-level understanding of log analytics, detection engineering principles, behavioral analytics, and adversary TTPs.

Nice To Haves

  • Industry certifications such as GCIA, GCIH, GCTI, GCTH, AWS/Azure/GCP Security, or equivalent advanced certifications.
  • 10+ years of experience in detection engineering, threat hunting, or advanced security operations.
  • Experience leading enterprise-scale security initiatives, detection modernization programs, or tooling evaluations.

Responsibilities

  • Serve as a senior technical authority for cyber detection, providing architectural guidance and leadership across SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms.
  • Lead deep-dive investigations and expert-level triage of complex security events using endpoint, network, identity, cloud, application, and SaaS telemetry.
  • Drive incident escalation workflows and partner closely with Incident Response, Threat Intelligence, Cloud, Identity, and Engineering teams to ensure rapid and effective containment and remediation.
  • Conduct advanced, hypothesis-driven threat hunts across on-prem, cloud (Azure, AWS, GCP), SaaS, and identity ecosystems using behavioral analytics, adversary tradecraft, and intelligence-driven methodologies.
  • Correlate large-scale telemetry to uncover sophisticated attack patterns, stealthy behaviors, and systemic visibility gaps.
  • Apply expert understanding of OS internals, adversary behaviors, cloud architectures, authentication protocols, and network fundamentals to assess impact and guide detection enhancements.
  • Integrate threat intelligence—including IOCs, behavioral analytics, and MITRE ATT&CK techniques—into scalable detection logic, analytic frameworks, and hunting practices.
  • Design, develop, and tune high-fidelity detections across:
      • SIEM: advanced correlations, anomaly models, enrichment pipelines
      • EDR/XDR: behavioral rules, event-pattern analytics, custom detections
      • NDR: network anomalies, lateral movement detection, protocol analysis
      • SOAR: high-impact automation workflows and enrichment routines
      • Cloud-native tools: Microsoft Defender, Sentinel, AWS GuardDuty, GCP SCC
      • SaaS platforms: O365, major IdP/IAM platforms, API telemetry sources
  • Evaluate emerging detection technologies, research, and analytics capabilities to continuously improve visibility, reduce MTTD, and enhance operational efficiency.
  • Mentor analysts and engineers, review escalations, provide technical leadership, and drive standardization of detection processes and quality across teams.
  • Influence detection strategy, tooling decisions, and long-term capability roadmaps across Security Operations and the broader GM security organization.
  • Participate in the on-call rotation to support 24×7 monitoring and response.

Benefits

  • From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
© 2024 Teal Labs, Inc