Cybersecurity Engineer - Vulnerability Management and Application Security jobs in United States

GM Financial · 2 weeks ago

Cybersecurity Engineer - Vulnerability Management and Application Security

GM Financial is a company focused on innovation and mission-driven work in the field of cybersecurity. The Cybersecurity Engineer will be responsible for safeguarding enterprise systems and applications by identifying, assessing, and mitigating vulnerabilities, while ensuring compliance with security standards and best practices.

Finance
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security
Design and implement security solutions with emphasis on: Vulnerability Management (VM) platforms and processes, Application Security tools (SAST, DAST, IAST), Web Application Firewalls (WAF), Secure coding practices and CI/CD pipeline integration
Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts
Collaborate with development and operations teams to integrate security controls into DevOps workflows and Infrastructure as Code (IaC)
Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies
Create and present security metrics, vulnerability trends, and risk reports to leadership
Participate in incident response activities, providing technical expertise for application-related security incidents
Conduct periodic risk assessments for applications and supporting infrastructure
Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities
Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security

Qualification

Vulnerability Management, Application Security tools, Secure software development lifecycle, Cloud security AWS, Cloud security Azure, Cloud security GCP, Scripting, Automation, Networking fundamentals, Security frameworks, Standards, Analytical skills, Technical writing, Communication skills, Strategic thinking

Required

Minimum of 1 to 5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
Bachelor's Degree in related field or equivalent work experience strongly preferred
Cybersecurity related certifications strongly preferred
Experience with CI/CD security integration and automated vulnerability scanning
Familiarity with microservices architecture and securing APIs
Advanced technical writing and documentation skills
Knowledge of threat modeling and risk assessment methodologies

Preferred

Deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies
Hands-on experience with application security tools (e.g., Veracode, Checkmarx, Burp Suite, OWASP ZAP)
Strong knowledge of secure software development lifecycle (SDLC) and DevSecOps principles
Familiarity with container security, Kubernetes, and cloud-native application security
Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation)
Proficiency in scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows
Solid understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS)
Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10)
Strong analytical skills for interpreting vulnerability data and assessing business impact
Excellent communication skills for collaborating with developers, operations teams, and leadership
Ability to think strategically, innovate, and implement scalable security solutions

Benefits

401K matching
Bonding leave for new parents (12 weeks, 100% paid)
Tuition assistance
Training
GM employee auto discount
Community service pay
Nine company holidays

Company

GM Financial

GM Financial is the captive finance company and a wholly-owned subsidiary of General Motors Company.

H1B Sponsorship

GM Financial has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (101)
2024 (91)
2023 (86)
2022 (81)
2021 (55)
2020 (50)

Funding

Current Stage: Late Stage
Total Funding: unknown
2010-09-29: Acquired

Leadership Team

Katie DeGraaf
Senior Vice President, OnStar Insurance, Product & Telematics
Ross Reichardt
Chief of Staff; General Motors Insurance
Company data provided by crunchbase