GM Financial
Overview
Flexible hybrid work environment: 4 days a week in office. Our Cybersecurity team is tasked with security engineering, regulatory response, third-party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys support to deliver high-level security capabilities using cutting-edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM Financial, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading-edge capabilities to join our growing Cybersecurity team.
Responsibilities
About the Role
The AVP Offensive Security will lead planning, execution, and oversight of all offensive security initiatives, including advanced threat simulations, penetration testing, and ethical hacking in both physical and digital environments. Collaborating closely with Cybersecurity peers, this role manages a skilled team that fosters innovation while aligning operations with business priorities. By proactively developing attack methodologies and addressing real-world adversary tactics targeting enterprise financial services, the AVP strengthens GM Financial’s defenses and ensures the protection of sensitive customer and financial data.
Strategic Leadership & Program Management
Develop and execute a comprehensive offensive security strategy aligned with the company’s business goals and risk appetite
Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
Collaborate with Cybersecurity peers and partners to ensure comprehensive attack coverage and feedback loops
Lead and mentor a team of offensive security professionals, fostering a culture of innovation, continuous learning, and excellence
Manage the full lifecycle of offensive security engagements, including scope definition, execution, reporting, and remediation tracking
Establish and maintain a robust penetration testing program that covers all critical applications, infrastructure, and network components
Technical Execution & Oversight
Oversee and conduct advanced penetration tests on web applications, mobile applications, APIs, network infrastructure, and physical locations
Perform vulnerability research and exploit development to identify and test zero-day vulnerabilities in our systems
Analyze and interpret complex security data to identify trends, emerging threats, and areas for improvement
Stay current with the latest offensive security tools, techniques, and procedures (TTPs) and apply them to our security assessments
Conduct Cybersecurity Tabletop exercises and summarize the exercise for senior leadership, including areas of success and opportunities for improvement
Communication & Collaboration
Communicate complex security risks and findings to both technical and non-technical stakeholders across the organization, including senior leadership
Integrate the identification and remediation of findings with other Cybersecurity departments, business owners, and IT partners
Deliver detailed post-engagement reports with risk-rated findings, proof of concept artifacts, and remediation guidance
Partner with development, IT, Digital, and business teams to ensure security is integrated into the software development lifecycle (SDLC) and business processes
Act as a subject matter expert for internal teams on offensive security topics
Establish and maintain partnerships with key peers to ensure the success of the Offensive Security Team
Reporting Structure
Report to: SVP Cybersecurity Architecture & Offensive Security
Qualifications
What makes you a dream candidate?
Extensive experience in network and application penetration testing, red and purple teaming, threat emulation and modeling, and attack path development using MITRE ATT&CK
Advanced knowledge of internal testing tactics, state-sponsored threat actor techniques, and insider threat behaviors to assess risk from an adversarial perspective
Advanced knowledge in securing operating systems, databases, applications, and network protocols, including hands-on experience with Windows, UNIX/Linux, SQL, Oracle, and application source code reviews
Proficient with common penetration testing tools (e.g., Metasploit, Burp Suite, Cobalt Strike, Brute Ratel)
Proficient in one or more languages (e.g., Python, Ruby, Perl, Bash, Java) with experience developing custom exploits
Ensure operations align with industry regulations and compliance standards (NIST, CCPA/CPRA, PIPEDA, LGPD, CFPB, GDPR, NYDFS, etc.)
Strong interpersonal, written, and verbal communication skills with the ability to influence at all levels
Leadership skills including delegation, coaching, training, development, and performance management
Ability to lead through influence, collaboration, and teamwork
Ability to manage multiple projects and maintain integrity with confidential information
Experience in the financial services or automotive industries is a significant plus
Experience
12+ years in Cybersecurity or related fields
5+ years in a dedicated offensive security role including penetration testing, vulnerability management or ethical hacking
5+ years of supervisory/leadership experience
5+ years in large, complex environments with senior management interaction
High School Diploma or equivalent; Bachelor’s Degree in a related field
Cybersecurity certifications (e.g., CISSP, OSCP, OSCE, CRTO, GPEN, GWAPT, GXPN) preferred
What We Offer
Generous benefits package available on day one to include 401K matching, parental leave, tuition assistance, training, GM employee auto discount, community service pay, and nine company holidays.
Our Culture: We welcome new ideas, foster integrity, and create a sense of community and belonging. We thrive together.
Compensation: Competitive salary and bonus eligibility; role may be eligible for company vehicle program.
Work Life Balance: Flexible hybrid work environment, 4 days a week in office.
Note: This job description reflects GM Financial's current needs and is subject to change without notice.