Senior Cybersecurity Vulnerability Management Engineer

Job Description

The Role:

As a Senior Cybersecurity Vulnerability Engineer you will serve as a highly capable individual contributor responsible for designing implementing and improving cybersecurity capabilities that protect GMs risk domains of people products partners platforms and production.

The successful candidate is a senior experienced professional who can independently assess complex vulnerability and exposure risks translate threat intelligence and technical findings into actionable remediation priorities and influence outcomes across infrastructure cloud application manufacturing and security stakeholder groups. The senior engineer will have significant functional impact through risk-based decision-making operational leadership and mentorship of engineers and remediation partners.

You will solve diverse non-standard security problems; translate broad challenges into implementable initiatives; and drive delivery across teams through technical leadership sound judgment and influence. This role has significant operational impact across the cybersecurity organization that serves as a mentor and resource for other team members.

What Youll Do:

• Lead engineering operational improvement and continuous maturity of GM Vulnerability Management core services across enterprise infrastructure client endpoints multi-cloud and AI security threat exposure domains.

• Serve as a senior individual contributor for Enterprise Data Center Infrastructure vulnerability management including server endpoint network virtualization patch coordination exception handling on-prem asset hygiene and remediation prioritization for critical infrastructure.

• Drive client endpoint vulnerability management by reducing endpoint risk through continuous detection patching browser and software update compliance control enforcement and remediation guidance across corporate and manufacturing endpoint environments.

• Lead multi-cloud vulnerability management across Azure AWS and GCP including workload exposure misconfiguration correlation cloud VM risk container image and runtime exposure and cloud-to-business criticality mapping to support risk-based remediation.

• Build and mature AI security threat vulnerability management capabilities for AI workloads model supply chain risk prompt injection data leakage agent permissions tool-use guardrails model and runtime control validation and secure rollout patterns for internal AI capabilities.

• Correlate scanner findings with asset business network telemetry identity threat-intelligence and SBOM context to improve prioritization accuracy and focus remediation on exposures most likely to create business risk.

• Apply threat intelligence and exploitability analytics including exposure context attack-path factors and evidence of exploitation to move prioritization beyond severity-only scoring.

• Partner with infrastructure endpoint cloud platform manufacturing application and Security Fitness stakeholders to convert findings into actionable remediation plans drive accountability and accelerate closure of urgent critical and high-risk issues.

• Support and improve Vulnerability core functions including asset discovery and inventory vulnerability scanning and assessment threat intelligence and risk context prioritization and risk scoring remediation and patch coordination exception management reporting dashboards governance integration automation and continuous improvement.

• Contribute to workflow integration and automation across detection security unification tools automated patching orchestration and related platforms while maintaining appropriate guardrails and human approval for meaningful changes to critical environments.

• Provide technical leadership mentoring and consultative support to less experienced engineers and aligned remediation owners.

• Protect sensitive company employee and customer information and consistently operate in alignment with GM values behaviors and policies.

Your Skills & Abilities (Required Qualifications):

• Bachelors degree in Cybersecurity Computer Science Engineering Information Technology or a related field or equivalent practical experience.

• Significant professional experience in cybersecurity engineering vulnerability management security operations cloud security infrastructure security or related domains.

• Proven expertise in Enterprise Data Center Infrastructure vulnerability management including servers network-attached infrastructure virtualization patch coordination exception handling and remediation prioritization for enterprise environments.

• Proven expertise in client endpoint vulnerability management including endpoint controls patching software and browser update compliance detection coverage and remediation at scale.

• Proven expertise in multi-cloud vulnerability management across Azure AWS and GCP including cloud workload exposure misconfigurations container image and runtime risks and risk-based remediation workflows.

• Proven expertise in AI security threat vulnerability management including AI workload inventory model supply chain risk prompt injection data leakage model misuse agent abuse scenarios runtime behavior review and control validation.

• Experience correlating vulnerability findings with business asset identity telemetry network SBOM and threat-intelligence context to support risk-based prioritization and exploitability-focused decision-making.

• Experience with enterprise vulnerability management platforms scanners and workflow tooling such as Qualys Tenable Wiz ServiceNow or comparable platforms.

• Strong understanding of remediation governance exception management dashboarding metrics and continuous improvement within a mature vulnerability management program.

• Demonstrated ability to work independently exercise strong judgment and deliver results with minimal guidance.

• Proven ability to solve complex ambiguous problems using structured analysis and innovative approaches.

• Experience leading initiatives that span multiple teams stakeholders or technical domains.

• Strong communication and influence skills including the ability to present recommendations supported by data and analysis.

• Commitment to protecting sensitive information speaking up about risks and operating with integrity.

• Demonstrated ability to run an end-to-end vulnerability intelligence workflow for a high-profile CVE from initial awareness through intelligence collection environmental relevance scoping contextual scoring and tailored outputs for executive and technical stakeholders.

• Strong judgment in risk-based prioritization beyond CVSS including the ability to weigh EPSS CISA KEV status active exploitation exploit maturity asset criticality internet exposure and compensating controls to assign and defend a GM-specific priority.

• Ability to assess exploitability when public information is incomplete by reasoning through attack complexity required privileges user interaction environmental preconditions and the effectiveness of the control stack then updating recommendations as PoCs and tooling emerge.

• Experience mapping newly disclosed vulnerabilities to complex enterprise environments spanning multiple operating systems cloud platforms infrastructure and third-party products using CMDB scanner outputs SBOMs cloud inventories.

• Strong written and verbal communication skills for producing high-quality vulnerability briefs that clearly summarize impact affected assets exploit likelihood recommended actions and remediation timelines for different audiences.

• Experience designing or improving a vulnerability intelligence pipeline including source ingestion normalization deduplication enrichment with internal context scoring and publishing into tickets dashboards SOC workflows and leadership updates.

• Proven ability to respond to high-impact 0-days in critical third-party products by rapidly validating noisy intelligence scoping exposure recommending interim mitigations and structuring updates during the first 24 to 72 hours.

• Ability to reconcile conflicting vulnerability data across vendors scanners commercial feeds internal observations document rationale and establish a defensible environment-specific rating.

• Experience defining and using leadership metrics and dashboards that combine scanner CMDB ticketing and threat-intelligence data to track remediation urgency business exposure and time-to-remediate.

• Strong partnership skills with SOC and incident response teams to translate vulnerability intelligence into targeted detection containment remediation and post-incident scoring improvements.

• Technical depth to interpret exploit code TTPs and attacker tradecraft when needed and adjust recommendations when practical exploitability differs from initial assumptions.

• Knowledge of the regulatory landscape and intricacies related to industry cybersecurity standards and best practices (examples include: NIST CSF SSDF NIST 800-53 ISO 270001/2 ISO/IEC 15.x.x NHTSA Best Practices ISO/SAE 21434 SOC2 etc) and state privacy laws

• Experience with policy/standard process creation and acceptance

What Will Give You A Competitive Edge (Preferred Qualifications):

• Experience in large-scale enterprise automotive manufacturing mobility or regulated environments.

• Relevant certifications such as CISSP CISM CCSP GIAC AWS Security Azure Security or equivalent.

• Experience with cloud platforms DevSecOps security automation detection engineering threat modeling incident response or vulnerability remediation.

• Experience influencing strategy operating models and process improvements beyond an immediate team or project scope.

• Expertise in managing and leading complex projects and assignments with a high degree of autonomy confidentiality and accountability for results

• Ability to work independently with minimal supervision

• Operate with high level of time management and prioritization skills.

• Must be comfortable working with and at times managing Senior Leaders and Executives within the organization

• A proven & successful track record in navigating cross functional teams to achieve desired resultsin a highly matrixed organization.

• Hands-on Linux and Windows security administration experience

#LI-SB3

About GM

Our vision is a world with Zero Crashes Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better safer and more equitable for all.

Why Join Us

We believe we all must make a choice every day individually and collectively to drive meaningful change through our words our deeds and our culture. Every day we want every employee to feel they belong to one General Motors team.

Benefits Overview

From day one were looking out for your well-beingat work and at homeso you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.

Non-Discrimination and Equal Employment Opportunities (U.S.)

General Motors is committed to being a workplace that is not only free of unlawful discrimination but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers.

All employment decisions are made on a non-discriminatory basis without regard to sex race color national origin citizenship status religion age disability pregnancy or maternity status sexual orientation gender identity status as a veteran or protected veteran or any other similarly protected status in accordance with federal state and local laws.

We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required where applicable to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more visit How we Hire.

Accommodations

General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment email us or call your email please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.