WAF Cybersecurity Engineer - GM Financial

Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with the security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work.  As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries.  We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

About the role

​The Cybersecurity Engineer is responsible for developing, deploying, monitoring, tuning, evaluating, reporting, and maintaining systems and procedures; to identify and mitigate threats to the corporate network, corporate assets and corporate users. This team member will identify core requirements, design and implement security technologies and work with stakeholders to perform ongoing tuning and alerting on those technologies. Security technologies may include, but are not limited to: Web Application Firewall (WAF), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Information Rights Management (IRM), Zero Trust Network Access (ZTNA), and Web/Email Gateway (SWG/SEG). This team member will be responsible for both technical implementation of systems and communication of security requirements to management and security leadership. Additionally, this team member will be responsible, as necessary, with assisting in investigations into security threats.

What makes you a dream candidate?

• Assists in the identification, engineering and designing of security technologies including, but not limited to: Web Application Firewall (WAF), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Information Rights Management (IRM), Zero Trust Network Access (ZTNA), and Web/Email Gateway (SWG/SEG)
• Performs analysis of system logs to identify unauthorized use or access
• Creates, analyzes, and communicates security metrics to leadership
• Participates in emergency response team activities for responding to various security incidents
• Provides in-depth support for information security incidents including internal violations, hacker attacks, virus and system outages
• Prepares and updates information procedures, standards and/or other technical requirement documents
• Ability to research, determine, and write detailed Root Cause Analysis (RCA) Documentation
• Recommends and evaluates security tools to identify more efficient and effective security measures
• Perform other duties as assigned
• Conform with all company policies and procedures

Knowledge

• High level understanding of technology infrastructure, security concepts, and platforms
• Advanced knowledge in Infrastructure design and management
• Working knowledge of application protocols such as SMTP, HTTP(S), FTP, SSH, DNS
• Working knowledge of TCP/IP, OSI model, and IP subnetting
• Local and wide area networking concepts, principles, and protocols
• Familiarity with routing and switching protocols
• Proven expertise developing custom rule sets for tools to identify specific attacks and exploits based on feedback and requirements from business stakeholders including Compliance and Legal Counsel
• Possess understanding of cloud technologies and concepts
• Working knowledge of Linux operating systems and microservice architecture
• Working knowledge of scripting and automation in widely used languages such as Python, PowerShell, Ruby, etc is a plus

Skills

• Ability to think strategically and make collaborative decisions
• Ability to apply structured analysis methods to various types of data to establish trends, determine variability, and business impact
• Communicates quickly, clearly, concisely, appropriately, and intelligently
• Foster open communication, speaks with impact, listens to others, and writes effectively
• Experience with alternate management methods outside of a GUI using SSH, PowerShell, and/or Linux command line
• Ability to effectively negotiate with vendors on upgrades and acquisitions
• Effective planning, time management, negotiation and delegation skills
• Ability to approach problems with an open-mind and create new and innovative ideas and methods
• Experience in documentation tools such as Visio and Microsoft Office products
• Strong analytical skills
• Ability to approach problems with an open-mind, use existing information and resources
• Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods
• Think positively when faced with obstacles, build on others ideas, think logically and intuitively
• Detailed oriented

Education & Experience 

• Bachelor’s Degree in related field or equivalent work experience strongly preferred
• Minimum of 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
• Cybersecurity related certifications strongly preferred

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Compensation: Competitive pay and bonus eligibility

Work Life Balance: Flexible hybrid work environment, 4-days a week in office

#LI-HH1

#LI-Hybrid