GM Financial
Senior Principal Cybersecurity Engineer, Threat and Vulnerability
GM Financial, Irving, Texas, United States, 75084
Senior Principal Cybersecurity Engineer, Threat and Vulnerability
– Join the GM Financial team. This role is posted
1 week ago
and is open for applications.
Hybrid work environment:
4 days onsite and 1 day remote.
Why GM Financial Cybersecurity?
Innovation isn’t just a talking point at GM Financial; it’s how we operate. Your work will be part of a mission‑focused environment with specialized teams in Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture, and Offensive Security. These teams collaborate to identify, manage, and respond to threats while driving innovation.
Job Description Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build, and the support to thrive.
Responsibilities The Senior Principal of Vulnerability Management is highly skilled and detail‑oriented, responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across our IT infrastructure, business applications, and cloud environments.
Support and influence technical direction for vulnerability and scanning supporting technology.
Architect, build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines.
Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities.
Conduct continuous discovery and vulnerability assessment of enterprise‑wide assets, including vulnerability scans in support of operational matters (non‑scheduled).
Serve as a technical escalation point for vulnerability management and remediation efforts.
Define, build and apply protective mitigations and work with engineering and infrastructure teams to integrate fixes upstream, and support remediation efforts to close vulnerability exposure to new threats.
Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses.
Examine disclosed vulnerabilities, threat scenarios, and mitigating controls to understand the potential impact on the organization.
Provide specific recommendations for addressing and mitigating identified vulnerabilities, prioritizing effort based on risk, exposure, business impact, threat intelligence, and contextual data.
Perform technical analysis of all scan results and provide a report of analysis as required.
Reporting Structure This role reports to: AVP Cybersecurity.
Qualifications
Experience with leading cross‑functional and/or global initiatives from start to finish.
Advanced knowledge of business acumen and a deep understanding of the business implications of decisions.
In‑depth understanding of company values, mission, vision, and strategic direction.
Comprehensive knowledge of GM Financial’s business operations.
Recognized as an expert across the business unit.
Strong experience in threat modeling, secure design, and code review processes.
Strong knowledge of Windows, Linux, Unix, and other operating system vulnerabilities and mitigation techniques.
Demonstrated knowledge in methods to protect against ransomware threats.
Deep experience building and utilizing highly scalable platforms and tools (e.g., vulnerability scanners, detection pipelines, analytics systems).
Independent ability to aggregate and report on data, utilizing data visualization techniques.
Robust experience securing hybrid/multi‑cloud environments (Azure, AWS).
Proven and verifiable record of building vulnerability tooling and automations integrated into workflows.
Deep understanding of the vulnerability risk landscape and its impact on cyber threats.
Strategic understanding and practical experience with vulnerability remediation priority.
Demonstrated experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls in large, complex infrastructures.
Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc.).
Strong experience building and operating Vulnerability Management, Threat Intelligence, or other security programs.
Experience with Python, REST, Node, SQL, and other popular coding languages.
Strong familiarity with computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
Demonstrated experience with DevSecOps and CI/CD methodologies.
Strong understanding of securing container‑based systems (Docker, Kubernetes, etc.).
Working knowledge of CVE, CWE, CVSS scoring, MitRE ATT&CK Framework, threat intelligence, and CISA.
Possess excellent analytical, written, and verbal communication and documentation skills.
Experience
Bachelor’s Degree or Associate Degree plus 2 years of relevant experience required.
12 years minimum experience in related functions.
5–7 years of experience leading through mentorship in a related field.
5–7 years of experience driving thought leadership and innovation across products.
Relevant certifications or licenses preferred.
What We Offer Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), training, GM employee auto discount, community service pay, and nine company holidays.
Our Culture Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work—we thrive.
Compensation Competitive salary and bonus eligibility; this role is eligible for the company vehicle program.
Work Life Balance Flexible hybrid work environment, 4 days a week in office.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
#J-18808-Ljbffr
– Join the GM Financial team. This role is posted
1 week ago
and is open for applications.
Hybrid work environment:
4 days onsite and 1 day remote.
Why GM Financial Cybersecurity?
Innovation isn’t just a talking point at GM Financial; it’s how we operate. Your work will be part of a mission‑focused environment with specialized teams in Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture, and Offensive Security. These teams collaborate to identify, manage, and respond to threats while driving innovation.
Job Description Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build, and the support to thrive.
Responsibilities The Senior Principal of Vulnerability Management is highly skilled and detail‑oriented, responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across our IT infrastructure, business applications, and cloud environments.
Support and influence technical direction for vulnerability and scanning supporting technology.
Architect, build and maintain scalable vulnerability detection rules, alerts, scripts, and triage pipelines.
Monitor and assess the company’s cybersecurity risks and implement mitigation strategies to address vulnerabilities.
Conduct continuous discovery and vulnerability assessment of enterprise‑wide assets, including vulnerability scans in support of operational matters (non‑scheduled).
Serve as a technical escalation point for vulnerability management and remediation efforts.
Define, build and apply protective mitigations and work with engineering and infrastructure teams to integrate fixes upstream, and support remediation efforts to close vulnerability exposure to new threats.
Interpret complex data from vulnerability scans to pinpoint potential security risks and weaknesses.
Examine disclosed vulnerabilities, threat scenarios, and mitigating controls to understand the potential impact on the organization.
Provide specific recommendations for addressing and mitigating identified vulnerabilities, prioritizing effort based on risk, exposure, business impact, threat intelligence, and contextual data.
Perform technical analysis of all scan results and provide a report of analysis as required.
Reporting Structure This role reports to: AVP Cybersecurity.
Qualifications
Experience with leading cross‑functional and/or global initiatives from start to finish.
Advanced knowledge of business acumen and a deep understanding of the business implications of decisions.
In‑depth understanding of company values, mission, vision, and strategic direction.
Comprehensive knowledge of GM Financial’s business operations.
Recognized as an expert across the business unit.
Strong experience in threat modeling, secure design, and code review processes.
Strong knowledge of Windows, Linux, Unix, and other operating system vulnerabilities and mitigation techniques.
Demonstrated knowledge in methods to protect against ransomware threats.
Deep experience building and utilizing highly scalable platforms and tools (e.g., vulnerability scanners, detection pipelines, analytics systems).
Independent ability to aggregate and report on data, utilizing data visualization techniques.
Robust experience securing hybrid/multi‑cloud environments (Azure, AWS).
Proven and verifiable record of building vulnerability tooling and automations integrated into workflows.
Deep understanding of the vulnerability risk landscape and its impact on cyber threats.
Strategic understanding and practical experience with vulnerability remediation priority.
Demonstrated experience performing risk assessments of vulnerabilities and evaluating compensating and mitigating controls in large, complex infrastructures.
Knowledge of secure coding practices and application security testing (SAST, DAST, SCA, IaC, etc.).
Strong experience building and operating Vulnerability Management, Threat Intelligence, or other security programs.
Experience with Python, REST, Node, SQL, and other popular coding languages.
Strong familiarity with computer networking operations, TCP/IP networking, network fabrics, OSI layers, and corporate networking devices and their operating systems.
Demonstrated experience with DevSecOps and CI/CD methodologies.
Strong understanding of securing container‑based systems (Docker, Kubernetes, etc.).
Working knowledge of CVE, CWE, CVSS scoring, MitRE ATT&CK Framework, threat intelligence, and CISA.
Possess excellent analytical, written, and verbal communication and documentation skills.
Experience
Bachelor’s Degree or Associate Degree plus 2 years of relevant experience required.
12 years minimum experience in related functions.
5–7 years of experience leading through mentorship in a related field.
5–7 years of experience driving thought leadership and innovation across products.
Relevant certifications or licenses preferred.
What We Offer Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), training, GM employee auto discount, community service pay, and nine company holidays.
Our Culture Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work—we thrive.
Compensation Competitive salary and bonus eligibility; this role is eligible for the company vehicle program.
Work Life Balance Flexible hybrid work environment, 4 days a week in office.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
#J-18808-Ljbffr