Description
Opportunity to work in a hybrid model: Potential to work 4 days onsite and 1 day remote
Why GM Financial Cybersecurity?
Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.
Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.
This position will be posted until filled.
Responsibilities
About the role:
This Associate Cybersecurity Engineer role at GM Financial focuses on vulnerability management and application security within a highly visible, mission‑driven security organization. The role partners closely with engineering and DevOps teams to identify, assess, and remediate vulnerabilities across enterprise systems and cloud‑based applications, integrating security controls into CI/CD pipelines and modern DevSecOps workflows. The position emphasizes hands‑on work with vulnerability management platforms, application security tools, WAFs, and secure coding practices, while also contributing to risk assessments, incident response, and security reporting for leadership. GM Financial offers a collaborative culture, strong leadership support, competitive compensation, and a flexible hybrid work model.
In this role you will:
- Maintain and build upon a fundamental skill set in cybersecurity triage, investigation and response activities.
- Design and implement security solutions with emphasis on:
  - Vulnerability Management (VM) platforms and processes.
  - Application Security tools (SAST, DAST, IAST).
  - Secure coding practices and CI/CD pipeline integration.
- Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts.
- Collaborate with development and operations teams to integrate security controls into DevOps workflows and Infrastructure as Code (IaC).
- Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies.
- Create and present security metrics, vulnerability trends, and risk reports to leadership.
- Participate in incident response activities, providing technical expertise for application-related security incidents.
- Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security.
Qualifications
What makes you an ideal candidate?
- Understanding of vulnerability management processes, CVSS scoring, and remediation strategies.
- Experience with application security tools (e.g., Veracode, Checkmarx, Burp Suite, OWASP ZAP).
- Knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
- Familiarity with container security, Kubernetes, and cloud-native application security.
- Familiarity with securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation).
- Scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows.
- Understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS).
- Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10).
- Analytical skills for interpreting vulnerability data and assessing business impact.
- Excellent communication skills for collaborating with developers, operations teams, and leadership.
Additional Knowledge and Skills
Working effectively within an AI-enabled environment:
- Ability to use AI tools (e.g., Microsoft Copilot) to support daily work.
- Skills in evaluating AI outputs for accuracy, compliance, and bias.
- Experience integrating AI into workflows to improve efficiency or insights.
- Familiarity with AI-assisted research, summarization, and content generation.
- Understanding of responsible AI use, including ethics and data protection.
Work Experience & Education
- 0-2 years of experience in large and complex business environments with a successful track record working directly with senior-level management preferred.
- 0-2 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, Network Operations, Information Technology, or Application Development preferred.
- High School Diploma or equivalent required.
- Bachelor’s Degree in related field or equivalent work experience strongly preferred.
Licenses and Certifications
- One or more security-related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred.
What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
Our Culture: Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.
Compensation: Competitive pay and bonus eligibility.
Work Life Balance: Flexible hybrid work environment, 4 days a week in office.
This position is not open to agency submissions.