Sr Cybersecurity Engineer - Threat & Vulnerability Management
GM Financial · Irving, TX · Yesterday
HybridInformation TechnologyFull-time
Responsibilities
- Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security.
- Design and implement security solutions with emphasis on: Vulnerability Management (VM) platforms and processes, Application Security tools (SAST, DAST, IAST), Secure coding practices, and CI/CD pipeline integration.
- Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts.
- Analyze scan results, assess risk, and collaborate with system owners to prioritize and remediate vulnerabilities.
- Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies.
- Create and present remediation progress, security metrics, vulnerability trends, and risk reports to leadership.
- Participate in incident response activities, providing technical expertise for application-related security incidents.
- Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities.
- Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security.
Qualifications
- Deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies.
- Hands-on experience with Qualys VMDR, including asset discovery, authenticated scanning, vulnerability assessment, and reporting.
- Strong knowledge of vulnerability lifecycle management.
- Ability to interpret Qualys findings and translate technical vulnerabilities into actionable remediation guidance for technical and non-technical stakeholders.
- Familiarity with container security, Kubernetes, and cloud-native application security.
- Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation).
- Proficiency in scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows.
- Solid understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS).
- Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10).
- Strong analytical skills for interpreting vulnerability data and assessing business impact.
- Excellent communication skills for collaborating with developers, operations teams, and leadership.
- Able to think strategically, innovate, and implement scalable security solutions.
- Experience with CI/CD security integration and automated vulnerability scanning.
- Familiarity with microservices architecture and securing APIs.
- Knowledge of threat modeling and risk assessment methodologies.
- Experience with large and complex business environments with a successful track record working directly with senior level management preferred.
- Experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred.
- Cybersecurity related certifications strongly preferred.
- Bachelor’s Degree in related field or equivalent work experience strongly preferred.
- High School Diploma or equivalent required.
What We Offer
- Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
- Hybrid work environment, 4 days a week in the office.