Cybersecurity Engineer

Why GMF Cybersecurity? Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission‑focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Job Description Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting‑edge technologies. Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

This position will be posted until filled.

About the role The Cybersecurity Engineer – Incident Response Detection Engineer is responsible for designing proactive defenses that keep us ahead of evolving cyber threats. In this role, you’ll leverage SIEM analytics and detection engineering techniques to craft precise detection rules, optimize log analysis, and identify anomalous activity using a wide variety of tooling across on‑prem and cloud environments. Security technologies may include but are not limited to:
Data Loss Prevention (DLP), Security Incident Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Intrusion Detections System (IDS)/Intrusion Prevention System (IPS), Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR), Network Detection and Response (NDR), Security Orchestration, Automation and Response (SOAR), and Web and Email Security Tooling.

• Develop and maintain detection rules at source and within a SIEM to identify anomalous behaviors, suspicious activity, and emerging threats across on‑prem and cloud environments
• Manage, filter, and correlate high‑volume telemetry from multiple sources to produce actionable insights
• Align detection engineering efforts with CSIRT operational goals, ensuring seamless integration with incident response workflows and Detection as Code (DaC) Pipelines
• Continuously improve alert fidelity by tuning detection logic and reducing false positives
• Perform threat hunting and detection gap analysis to proactively identify coverage gaps and strengthen detection capabilities
• Investigate security incidents from detection to resolution, engaging in any containment, eradication and recovery actions as needed
• Conduct purple teaming exercises and analyze resulting log activity to validate detection coverage and identify gaps
• Collaborate with our threat intelligence team to incorporate emerging indicators and TTPs into detection strategies
• Document detection logic, tuning, playbooks and validation results for transparency, auditability, and knowledge sharing
• Stay current with evolving attack techniques and security technologies to adapt detection strategies accordingly
• Participate in an on‑call rotation as needed to support timely response to security incidents outside of standard business hours

• Strong technical skills and hands‑on experience in Cybersecurity Defensive Operations as it relates to alert triage, on‑going monitoring, detection, investigation, and incident response activities
• Understanding of Cybersecurity concepts such as SIEM analytics, Endpoint security, Network security, Cloud security, Data Loss Prevention/Data Privacy, and Web/Email security
• Practical understanding of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
• Demonstrate familiarity with AI and large language models (LLMs) and their application in cybersecurity, including how they can support threat detection, analysis, and decision‑making
• Strong knowledge of the OSI model and security that is associated with each layer
• Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory,…