Cybersecurity - Incident Response Infrastructure Engineer

Overview

Why GM Financial?

Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote.

GM Financial (GMF) is the wholly owned captive finance subsidiary of General Motors and is headquartered in Texas. We are a global provider of auto finance solutions, with operations in North America, South America, and Asia. Through our long-standing relationships with auto dealers, we offer attractive retail financing and lease programs to meet the needs of each customer. We also offer commercial lending products to dealers to help them finance and grow their businesses.At GMF our Cybersecurity organization is a global team consisting of architecture, engineering, operations, governance, and risk functions under the Chief Information Security Officer reporting directly to the CEO.We are hiring for multiple levels on our Cybersecurity Incident Response team.

Responsibilities

Incident Response Software Engineer Responsibilities

Candidates with 2 or more years of experience: This position is responsible for on-going maintenance and development of our incident response platform and infrastructure, building/tuning automated response tools, and incident investigation. Applicants should have strong problem-solving skills, experience in an Agile development environment, experience with Linux system administration, and knowledge around AWS environments. Experience with Docker/Podman deployments, SOAR, and Python are a plus.

Candidates with 4 or more years of experience: In addition, you will also be expected to identify additional gaps and opportunities in our processes and applications, that we can build additional tooling and automations to address, and you will be expected to own those projects from proposal to production. Applicants should also be comfortable mentoring and teaching other team members, as our team is at it's strongest when every member is growing.

What makes you a dream candidate?

• Provides ongoing monitoring and maintenance for our applications and tooling, to ensure minimal downtime and errors for our Incident Response Capabilities.

• Builds and deploys applications and services for our Cybersecurity Incident Response Team, primarily on Linux infrastructure.

• Prepares technical requirements and standards, updates information procedures, standards and/or other technical requirement documents.

• Develops detailed proposals and plans for new information security systems that would enhance or enable new capabilities for network or host systems.

• Designs and proposes detailed architectural plans for applications and tools, which account for Highly Available solutions or include robust Disaster Recovery Plans.

• Understands and be a consultant for cloud-based deployments and architectures, especially in the AWS or Azure ecosystems.

• Participates in the review and implementation of security solutions aimed to enhance incident response capabilities.

• Provide the corporate network, assets, and users with security monitoring over time, intrusion detection, and incident response capabilities.

• Investigate, escalate, and respond to potential security events and user inquiries.

• Participates in alert development and tunning efforts.

• Performs analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity.

• Participates in emergency response team activities for responding to various cybersecurity incidents.

• Track and own security incidents from detection to resolution, engaging in any containment, eradication, recovery, and tuning actions as needed.

• Advanced knowledge around Linux administration, specifically around maintaining applications and services.

• Advanced knowledge around managing Docker/Podman deployments, including using docker/podman-compose configurations.

• Local and wide area networking concepts, principles, and protocols

• Advanced knowledge in Infrastructure design and management

• Advanced knowledge of the OSI model and security that is associated with each layer.

• Knowledge of IT security processes, controls, and infrastructure along with IT core concepts such as Windows & Active Directory, Unix/Linux, management via the command line, Virtualization & Cloud Computing, and Operational best practices

• Possess understanding of cloud technologies and concepts.

• Experience securing cloud deployments on common platforms like Microsoft Azure, Amazon Web Services, or Google Cloud Platform.

• Background in scripting and automation in widely used languages such as Python.

• Understanding of incident response processes and procedures including familiarity with NIST framework

• Experience in developing custom detections and logic to identify suspicious activity, specific attacks, and exploits.

• Understanding of routing and switching protocols as they relate to load balancing.

• Strong understanding of application layer protocols including HTTP, SSH, SSL and DNS

• Detailed knowledge of declarative Infrastructure-as-Code approaches and immutable infrastructure is a plus

Qualifications

Education & Experience

• Bachelor's Degree in related field or equivalent work experience strongly preferred.

• Minimum of 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred.

• Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred.

• Cybersecurity related certifications strongly preferred.

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture - an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work - we thrive.

Compensation: Competitive pay and bonus eligibility

Work Life Balance: Flexible hybrid work environment, 4-days a week in office.

#LI-HH1

#LI-Hybrid