Staff Cybersecurity Engineer - Zero Trust
About the role
This role serves as a member of the Secure Access Services team, providing deep network access analysis and zero trust solution design expertise. As a Staff Cybersecurity Engineer focused on Security Services, this role is responsible for assessing how users, devices, and services traverse complex network architectures and translating those findings into engineered zero trust patterns implemented through the appropriate identity-aware proxies and mesh VPN policies.
Responsibilities
- Design, implement, and maintain scalable and secure access architectures across complex enterprise IT environments.
- Conduct deep analysis of user, device, and service network access paths across complex network environments, including routing, firewalls, macro- and micro-segmentation, proxies, DNS, and load balancers.
- Translate business, risk, and compliance requirements into reusable reference architectures, patterns, and guardrails for secure access.
- Implement secure access for a broad set of web and non-web applications, including internal and external web applications, APIs, databases, administrative tools, and legacy TCP workloads.
- Drive data governance and secure architecture practices by ensuring access patterns, controls, and supporting documentation align with security policies, standards, and best practices.
- Evaluate and recommend security tools, technologies, and processes that enhance the overall security posture and improve scalability, resilience, and operational efficiency.
- Develop automation, including Infrastructure as Code, CI/CD integrations, and policy-as-code, to ensure consistent and repeatable deployment of secure access controls.
- Develop and maintain technical documentation related to security architectures, onboarding patterns, runbooks, configuration baselines, test plans, and operational procedures.
- Provide technical leadership, mentorship, and knowledge sharing to other engineers on security best practices, architectural design, and secure access engineering patterns.
- Participate in incident response activities and provide expert guidance on secure access and security-related issues, including root cause analysis and durable remediation.
- Define, track, and own key metrics and performance indicators for secure access capabilities, including application coverage, control adoption, incident reduction, and onboarding efficiency.
Requirements
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Computer Engineering, or a related technical field.
- 7+ years of experience in cybersecurity, network security, security architecture, or security engineering roles, with a strong focus on secure access and zero trust design.
- Expert-level proficiency in modern information security and complex network architectures, including zero trust architecture, identity and access management, secure remote access, VPN and mesh VPN solutions, and web and non-web application access patterns.
- Strong expertise in network and connectivity architectures, including routing, firewalls, macro- and micro-segmentation, proxies, DNS, and load balancers.
- Demonstrated ability to analyze complex network and access patterns and translate them into robust, scalable, and supportable secure access designs.
- Experience securing development and enterprise environments and integrating security throughout the software development and service lifecycle.
- Strong understanding of enterprise IT, networking, cloud platforms, information architecture, and relevant security disciplines, theories, and techniques.
- Demonstrated experience conducting qualitative research and technical analysis related to cybersecurity risks, vulnerabilities, and solution design.
- Track record of independently leading complex, cross-functional initiatives with measurable business and risk reduction outcomes.
- Excellent written, verbal, and interpersonal communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
Qualifications
- Master’s degree in Computer Science, Information Security, Cybersecurity, Computer Engineering, or a related technical field.
Skills
- Proven experience designing, implementing, and engineering zero trust security architectures and secure access patterns within large, complex hybrid network environments.
- Strong expertise in network and connectivity architectures, including routing, firewalls, macro- and micro-segmentation, proxies, DNS, and load balancers.
- Demonstrated ability to analyze complex network and access patterns and translate them into robust, scalable, and supportable secure access designs.
- Experience securing development and enterprise environments and integrating security throughout the software development and service lifecycle.
- Strong understanding of enterprise IT, networking, cloud platforms, information architecture, and relevant security disciplines, theories, and techniques.
- Demonstrated experience conducting qualitative research and technical analysis related to cybersecurity risks, vulnerabilities, and solution design.
- Track record of independently leading complex, cross-functional initiatives with measurable business and risk reduction outcomes.
- Excellent written, verbal, and interpersonal communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
Benefits
GM offers a variety of health and wellbeing benefit programs, including medical, dental, vision, Health Savings Account, Flexible Spending Accounts, retirement savings plan, sickness and accident benefits, life insurance, paid vacation & holidays, tuition assistance programs, employee assistance program, GM vehicle discounts, and more. GM does not provide immigration-related sponsorship for this role. This role is based remotely, but if the selected candidate lives within a specific mile radius of a GM hub, they will be expected to report to the location three times a week {or other frequency dictated by your manager}. This job is not eligible for relocation benefits. Any relocation costs would be the responsibility of the selected candidate.