Principal Cybersecurity Engineer, Incident Response
GM Financial, Irving, TX, US, 75084
Join GM Financial as a Principal Cybersecurity Engineer, Incident Response.
Hybrid work environment: 4 days onsite and 1 day remote.
Why GM Financial Cybersecurity? Innovation is a core value. Work across specialized teams—Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture, and Offensive Security—collaborating to identify, manage, and respond to threats while driving innovation.
Cybersecurity is central to our strategic vision, with direct reporting lines to the CEO for leadership visibility.
Shape the future of Cybersecurity at GM Financial, with freedom to explore, the tools to build, and support to thrive.
Responsibilities
Participate in incident investigations, covering detection, containment, eradication, recovery, and post‑incident reviews.
Enhance incident response tools, scripts, and frameworks to improve the efficiency, accuracy, and scalability of detection, response, and investigations.
Conduct memory/network/host/cloud forensics, malware reverse‑engineering, and automated triage.
Create customized tactical and strategic remediation plans for alerts and incidents identified inside the GMF landscape and in the wild.
Produce analytical findings through technical reports post‑incident.
Identify and codify attacker TTPs and IOCs, feeding them into detection pipelines and IR playbooks.
Gather and analyze cybersecurity data, technology tools and risk systems to identify security exposures.
Participate in tabletop exercises, Purple Team sessions, and threat fencing simulation.
Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or anomalous activity.
Stay ahead of the threat landscape—monitor zero‑days, vulnerabilities, and advanced persistent threats.
Qualifications
Experience with threat intelligence techniques, detection rules, and forensic analysis tools in incident response investigations.
Experience conducting or managing incident response investigations for organizations, targeting APTs, organized crime, and hacktivists.
Proven ability to develop and implement risk hunting methodologies.
Experience with network, endpoint, memory, disk, and cloud forensics.
Knowledge of global cyber threats, threat actors, and adversary TTPs.
Familiarity with TTPs, IOCs, MITRE ATT&CK, and RE&CT frameworks.
Understanding of cloud incident response on Azure or AWS, including logging and monitoring implementation.
Experience with case management, workflow communication, and data retrieval.
Skilled in scripting to build or improve incident response tools.
Ability to construct and test APIs.
Knowledge of NIST incident response roles and capabilities.
Proficient with TCP/IP, OSI model, IP subnetting.
Knowledge of CI/CD and Detection as Code.
Knowledge of analysis tools such as Bro/Zeek or Suricata, Splunk SPL, and network log analysis.
Understanding of secure network architecture and operations.
Technical understanding of HTTP, SSH, SSL, DNS, and other application layer protocols.
Knowledge of common network protocols and design patterns (TCP/IP, HTTPS, FTP, SFTP, SSH, RDP, CIFS/SMB, NFS).
Experience with Python, PowerShell, Bash, and data science principles.
In‑depth understanding of Windows, Unix, Linux, and macOS operating systems.
Proficient with YARA rule creation and malware detection.
Knowledge of current malware evasion techniques.
Experience with static and dynamic malware analysis and reporting.
Experience with reverse‑engineering various file formats and complex malware samples.
Experience
Related certifications and/or licenses required.
Member of or recommendation by an accredited association in a related field preferred.
Greater than 10 years in a related function required.
3–5 years leading through mentorship in a related field required.
3–5 years leading projects and initiatives through influence required.
High School Diploma or equivalent required.
Associate Degree or high school equivalent plus 2 additional years of related experience required.
What We Offer
Generous benefits package available on day one to include 401K matching, bonding leave for new parents (12 weeks, 100% paid), training, GM employee auto discount, community service pay, and nine company holidays.
Our Culture
Our team members define and shape culture. We welcome new ideas, foster integrity, and create a sense of community and belonging. We do more than work—we thrive.
Compensation
Competitive salary and bonus eligibility.
Work Life Balance
Flexible hybrid work environment, 4 days a week in office.