Cybersecurity Engineer
Qualifications
Experience Level: Mid Level
- Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security
- Design and implement security solutions with emphasis on: Vulnerability Management (VM) platforms and processes, Application Security tools (SAST, DAST, IAST), Web Application Firewalls (WAF), Secure coding practices and CI/CD pipeline integration
- Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts
- Collaborate with development and operations teams to integrate security controls into DevOps workflows and Infrastructure as Code (IaC)
- Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies
- Create and present security metrics, vulnerability trends, and risk reports to leadership
- Participate in incident response activities, providing technical expertise for application-related security incidents
- Conduct periodic risk assessments for applications and supporting infrastructure
- Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities
- Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security
Full Job Description
GM Financial, a leading automotive finance company, is actively seeking a talented Cybersecurity Engineer to join their innovative team in Arlington, TX. This mission-driven role focuses on Vulnerability Management and Application Security, playing a crucial part in protecting enterprise systems and ensuring compliance with stringent security standards. You will be instrumental in identifying and mitigating security vulnerabilities within our applications and infrastructure.
Responsibilities include developing and maintaining technical security requirements, designing and implementing advanced security solutions for Vulnerability Management platforms, Application Security tools (SAST, DAST, IAST), Web Application Firewalls (WAF), and integrating secure coding practices into CI/CD pipelines. You will perform vulnerability assessments and penetration testing, analyze findings, and drive remediation efforts. Collaboration with development and operations teams to embed security into DevOps workflows and Infrastructure as Code (IaC) is essential. Additional duties involve monitoring security alerts, generating security metrics and risk reports for leadership, participating in incident response, conducting risk assessments, and evaluating new security technologies. Staying abreast of emerging threats and regulatory requirements is paramount.
The ideal candidate will possess a deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies, along with hands-on experience with application security tools such as Veracode, Checkmarx, Burp Suite, or OWASP ZAP. Strong knowledge of secure software development lifecycle (SDLC) and DevSecOps principles, familiarity with container security, Kubernetes, and cloud-native application security are required. Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation) is highly valued. Proficiency in scripting and automation (Python, Bash, or similar), a solid understanding of networking fundamentals, and knowledge of security frameworks like NIST CSF, ISO 27001, and OWASP Top 10 are necessary. Excellent analytical and communication skills are crucial for success in this role. A Bachelor's Degree in a related field or equivalent work experience, along with cybersecurity certifications, is strongly preferred. We are looking for candidates with 1-5 years of experience in large, complex environments.
This is a full-time, hybrid position offering a competitive benefits package including 401K matching, 12 weeks of paid bonding leave, tuition assistance, training opportunities, and more.
Company
GM Financial
Based in Arlington, Texas, GM Financial is the captive finance company and a wholly-owned subsidiary of General Motors Company. They are a key player in automotive financial services.