Cybersecurity - Incident Response Infrastructure Engineer - GM Financial
Arlington, TX 76014
About the Job
Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote
Why GMF Cybersecurity?
Our Cybersecurity team is tasked with the security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
We are hiring for multiple levels on our Cybersecurity Incident Response team.
Responsibilities:
Incident Response Software Engineer Responsibilities
Candidates with 2 or more years of experience: This position is responsible for on-going maintenance and development of our incident response platform and infrastructure, building/tuning automated response tools, and incident investigation. Applicants should have strong problem-solving skills, experience in an Agile development environment, experience with Linux system administration, and knowledge around AWS environments. Experience with Docker/Podman deployments, SOAR, and Python are a plus.
Candidates with 4 or more years of experience: In addition, you will also be expected to identify additional gaps and opportunities in our processes and applications, that we can build additional tooling and automations to address, and you will be expected to own those projects from proposal to production. Applicants should also be comfortable mentoring and teaching other team members, as our team is at it’s strongest when every member is growing.
What makes you a dream candidate?
- Advanced knowledge around Linux administration, specifically around maintaining applications and services.
- Provides ongoing monitoring and maintenance for our applications and tooling, to ensure minimal downtime and errors for our Incident Response Capabilities.
- Builds and deploys applications and services for our Cybersecurity Incident Response Team, primarily on Linux infrastructure.
- Understands and be a consultant for cloud-based deployments and architectures, especially in the AWS or Azure ecosystems.
- Participates in the review and implementation of security solutions aimed to enhance incident response capabilities.
- Provide the corporate network, assets, and users with security monitoring over time, intrusion detection, and incident response capabilities.
- Investigate, escalate, and respond to potential security events and user inquiries.
- Participates in alert development and tunning efforts.
- Performs analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity.
- Participates in emergency response team activities for responding to various cybersecurity incidents.
- Advanced knowledge around managing Docker/Podman deployments, including using docker/podman-compose configurations.
- Advanced knowledge of the OSI model and security that is associated with each layer.
- Knowledge of IT security processes, controls, and infrastructure along with IT core concepts such as Windows & Active Directory, Unix/Linux, management via the command line, Virtualization & Cloud Computing, and Operational best practices
- Understanding of incident response processes and procedures including familiarity with NIST framework
- Experience in developing custom detections and logic to identify suspicious activity, specific attacks, and exploits.
- Understanding of routing and switching protocols as they relate to load balancing.
- Strong understanding of application layer protocols including HTTP, SSH, SSL and DNS
- Detailed knowledge of declarative Infrastructure-as-Code approaches and immutable infrastructure is a plus
Qualifications:
Education & Experience
- Bachelor’s Degree in related field or equivalent work experience strongly preferred.
- Minimum of 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred.
- Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred.
- Cybersecurity related certifications strongly preferred.
What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
Our Culture: Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.
Compensation: Competitive pay and bonus eligibility
Work Life Balance: Flexible hybrid work environment, 4-days a week in office.
#LI-HH1
#LI-Hybrid