Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote
Why GMF Cybersecurity?
Our Cybersecurity team is tasked with security engineering, regulatory response, third-party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting-edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading-edge capabilities to join our growing Cybersecurity team.
About the role:
The Senior Cybersecurity Engineer is responsible for designing, implementing, operating, and continuously improving security capabilities that identify, analyze, and mitigate threats to corporate networks, systems, data, and users. This role focuses on delivering scalable, well-engineered security controls and detection mechanisms aligned with mature threat detection, automation, and response practices. The Senior Cybersecurity Engineer partners closely with security leadership, IT, and business stakeholders to define core security requirements, design and deploy security technologies, and perform ongoing tuning, alerting, and optimization to ensure effectiveness and reduce operational noise. This engineer treats detections and security controls as code, leveraging automation, version control, and repeatable workflows to support reliability and continuous improvement.
Technologies supported by this role may include, but are not limited to, Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Security Orchestration, Automation, and Response (SOAR), User and Entity Behavior Analytics (UEBA), Host Intrusion Prevention Systems (HIPS), and web and email security gateways, across both on‑premises and cloud environments. In addition to hands-on technical implementation, this role is responsible for clearly communicating security risks, requirements, and recommendations to cybersecurity leadership and management, contributing to incident response readiness, and supporting the ongoing maturation of the enterprise security program.
In this role you will:
- Design, develop, test, and deploy scalable detection logic across SIEM and cloud environments using mature IoC principles, detections‑as‑code practices, Git, and automated pipelines.
- Write, maintain, and review production‑quality code (Python, JavaScript, PowerShell, Bash) to support security detections, automation, custom tooling, and API integrations.
- Build, enhance, and maintain SOAR playbooks integrated with incident response and case management systems to enable enrichment, automation, and rapid response.
- Partner closely with SOC and Incident Response teams to understand workflow bottlenecks, serve as an escalation point for detection pipelines and tooling, and reduce time‑to‑resolution.
- Translate threat intelligence, post‑incident analysis, and tabletop exercise outcomes into actionable detections, automation, and security control improvements.
- Proactively evaluate emerging security technologies and capabilities, providing recommendations that strengthen protection of enterprise information assets.
- Collaborate with cybersecurity leadership to plan and execute initiatives that accelerate organizational security maturity and operational effectiveness.
- Support security governance efforts by maintaining procedures, standards, and technical documentation, and by participating in periodic risk assessments.