Why GMF Cybersecurity?
Innovation isn’t just a talking point at GM Financial; it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.
Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.
This position will be posted until filled.
About the role:
The Sr Cybersecurity Engineer – Incident Response will lead the detection, investigation, and response to complex cybersecurity threats, driving advanced incident response activities and enhancing security monitoring across a broad range of technologies. If you are looking to make a meaningful impact by applying your extensive cybersecurity experience to improve detection capabilities, guide response efforts, and strengthen the organization’s overall security posture, GM Financial is the place to do it.
In this role you will:
Participate in incident investigations, covering detection, containment, eradication, recovery, and post-incident reviews
Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity
Act as the senior escalation point for complex investigations, providing investigative direction and response strategy
Develop and standardize incident response playbooks to improve consistency and efficiency
Identify and codify attacker TTPs and IOCs, feeding them into detection pipelines and IR playbooks
Stay current with evolving attack techniques and security technologies to design, build, and continuously refine cloud detections and alerts across Azure and Microsoft 365
Participate in an on‑call rotation to support timely response to security incidents outside of standard business hours