Distinguished Principal Cybersecurity Engineer, Incident Response

**Job Description**

**Hybrid work environment; 4 days onsite and 1 day remote**

**Why GM Financial Cybersecurity?**

The GMF Cybersecurity team is responsible for security engineering, regulatory response, third-party risk, and incident response to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our team has strong support to implement cutting-edge technologies and automate routine tasks, focusing on impactful security initiatives. Working at GM offers opportunities across various industries including financial services, automotive, manufacturing, high-tech, and military. We seek team players eager to innovate and expand our cybersecurity capabilities.

**Responsibilities**

- Lead comprehensive incident investigations: detection, containment, eradication, recovery, and post-incident analysis.
- Develop and refine incident response tools, scripts, and frameworks to enhance detection and response efficiency.
- Perform and improve forensic analyses across memory, network, host, and cloud environments, including malware reverse-engineering and automated triage.
- Produce clear, contextual technical incident reports.
- Identify attacker TTPs and IOCs; integrate them into detection systems and playbooks.
- Drive cross-functional security solutions and proactively manage vulnerabilities.
- Lead or contribute to tabletop exercises, Purple Team sessions, and threat simulations.
- Analyze logs, SIEM alerts, IDS/IPS alerts, and network traffic to identify suspicious activities.
- Stay ahead of emerging threats, monitoring zero-days, vulnerabilities, and APTs.

**Reporting Structure**

Reports to: VP Cybersecurity Strategy and Operations

**Qualifications**

- Proven thought leadership and extensive experience leading cross-functional initiatives.
- Deep understanding of business implications and organizational values.
- Recognized as a master in cybersecurity discipline.
- Experience building detection rules, playbooks, and threat intelligence techniques.
- Extensive incident response experience, particularly with targeted threats like APTs.
- Expertise in network, endpoint, memory, disk, and cloud forensics.
- Strong knowledge of global cyber threats, TTPs, IOCs, and frameworks like MITRE ATT&CK.
- Experience with cloud platforms (Azure, AWS), scripting, API development, and malware analysis.
- Advanced understanding of incident response roles, network protocols, and security architecture.
- Proficiency in programming languages such as Python, PowerShell, Bash, and tools like Yara.
- Relevant degrees and certifications, with significant industry experience.

**What We Offer**: Competitive benefits, 401K matching, paid parental leave, training, employee discounts, and holidays.

**Our Culture**: An environment that fosters innovation, integrity, community, and growth.

**Compensation**: Competitive salary, bonus eligibility, and company vehicle program.

**Work Life Balance**: Flexible hybrid schedule, 4 days in-office per week.
GM Financial