General Motors

Senior Cybersecurity Vulnerability Management Engineer

General Motors$100K — $130K *
Warren, MI 48089Hybrid
Information Technology
5 - 7 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Technology, or a related field, or equivalent practical experience.
  • Significant professional experience in cybersecurity engineering, vulnerability management, or related fields.
  • Proven expertise in Enterprise Data Center Infrastructure and client endpoint vulnerability management.
  • Experienced in multi-cloud environments including Azure, AWS, and GCP for vulnerability management.
  • Strong analytical skills correlating vulnerability findings with business and threat contexts.
  • Familiarity with enterprise vulnerability management platforms, such as Qualys or Tenable.
  • Effective communication skills for producing vulnerability reports and working with diverse teams.

Responsibilities

  • Lead and enhance GM's Vulnerability Management core services across various platforms.
  • Manage vulnerability for Enterprise Data Center Infrastructure and critical assets.
  • Reduce risk through continuous detection and remediation for client endpoints.
  • Oversee multi-cloud vulnerability management and risk-based remediation workflows.
  • Develop AI security threat capabilities and manage associated vulnerabilities.
  • Correlate scanner findings with business contexts to focus remediation efforts.
  • Provide mentorship and support to enhance team capabilities in vulnerability management.

Benefits

  • Hybrid work model allowing flexibility in reporting locations.
  • Potential eligibility for relocation benefits.
  • Opportunities for professional development and mentorship.
  • Access to modern technology and cybersecurity tools.
  • Work within a diverse and collaborative team focused on innovation.
Full Job Description
Job Description

The Role:

As a Senior Cybersecurity Vulnerability Engineer, you will serve as a highly capable individual contributor responsible for designing, implementing, and improving cybersecurity capabilities that protect GM's risk domains of people, products, partners, platforms, and production.

The successful candidate is a senior experienced professional who can independently assess complex vulnerability and exposure risks, translate threat intelligence and technical findings into actionable remediation priorities, and influence outcomes across infrastructure, cloud, application, manufacturing, and security stakeholder groups. The senior engineer will have significant functional impact through risk-based decision-making, operational leadership, and mentorship of engineers and remediation partners.

You will solve diverse, non-standard security problems; translate broad challenges into implementable initiatives; and drive delivery across teams through technical leadership, sound judgment, and influence. This role has significant operational impact across the cybersecurity organization that serves as a mentor and resource for other team members.

What You'll Do:
  • Lead engineering, operational improvement, and continuous maturity of GM Vulnerability Management core services across enterprise infrastructure, client endpoints, multi-cloud, and AI security threat exposure domains.
  • Serve as a senior individual contributor for Enterprise Data Center Infrastructure vulnerability management, including server, endpoint, network, virtualization, patch coordination, exception handling, on-prem asset hygiene, and remediation prioritization for critical infrastructure.
  • Drive client endpoint vulnerability management by reducing endpoint risk through continuous detection, patching, browser and software update compliance, control enforcement, and remediation guidance across corporate and manufacturing endpoint environments.
  • Lead multi-cloud vulnerability management across Azure, AWS, and GCP, including workload exposure, misconfiguration correlation, cloud VM risk, container image and runtime exposure, and cloud-to-business criticality mapping to support risk-based remediation.
  • Build and mature AI security threat vulnerability management capabilities for AI workloads, model supply chain risk, prompt injection, data leakage, agent permissions, tool-use guardrails, model and runtime control validation, and secure rollout patterns for internal AI capabilities.
  • Correlate scanner findings with asset, business, network, telemetry, identity, threat-intelligence, and SBOM context to improve prioritization accuracy and focus remediation on exposures most likely to create business risk.
  • Apply threat intelligence and exploitability analytics, including exposure context, attack-path factors, and evidence of exploitation, to move prioritization beyond severity-only scoring.
  • Partner with infrastructure, endpoint, cloud platform, manufacturing, application, and Security Fitness stakeholders to convert findings into actionable remediation plans, drive accountability, and accelerate closure of urgent, critical, and high-risk issues.
  • Support and improve Vulnerability core functions including asset discovery and inventory, vulnerability scanning and assessment, threat intelligence and risk context, prioritization and risk scoring, remediation and patch coordination, exception management, reporting, dashboards, governance, integration, automation, and continuous improvement.
  • Contribute to workflow integration and automation across detection, security unification tools, automated patching orchestration, and related platforms, while maintaining appropriate guardrails and human approval for meaningful changes to critical environments.
  • Provide technical leadership, mentoring, and consultative support to less experienced engineers and aligned remediation owners.
  • Protect sensitive company, employee, and customer information and consistently operate in alignment with GM values, behaviors, and policies.


Your Skills & Abilities (Required Qualifications):
  • Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Technology, or a related field, or equivalent practical experience.
  • Significant professional experience in cybersecurity engineering, vulnerability management, security operations, cloud security, infrastructure security, or related domains.
  • Proven expertise in Enterprise Data Center Infrastructure vulnerability management, including servers, network-attached infrastructure, virtualization, patch coordination, exception handling, and remediation prioritization for enterprise environments.
  • Proven expertise in client endpoint vulnerability management, including endpoint controls, patching, software and browser update compliance, detection coverage, and remediation at scale.
  • Proven expertise in multi-cloud vulnerability management across Azure, AWS, and GCP, including cloud workload exposure, misconfigurations, container image and runtime risks, and risk-based remediation workflows.
  • Proven expertise in AI security threat vulnerability management, including AI workload inventory, model supply chain risk, prompt injection, data leakage, model misuse, agent abuse scenarios, runtime behavior review, and control validation.
  • Experience correlating vulnerability findings with business, asset, identity, telemetry, network, SBOM, and threat-intelligence context to support risk-based prioritization and exploitability-focused decision-making.
  • Experience with enterprise vulnerability management platforms, scanners, and workflow tooling such as Qualys, Tenable, Wiz, ServiceNow or comparable platforms.
  • Strong understanding of remediation governance, exception management, dashboarding, metrics, and continuous improvement within a mature vulnerability management program.
  • Demonstrated ability to work independently, exercise strong judgment, and deliver results with minimal guidance.
  • Proven ability to solve complex, ambiguous problems using structured analysis and innovative approaches.
  • Experience leading initiatives that span multiple teams, stakeholders, or technical domains.
  • Strong communication and influence skills, including the ability to present recommendations supported by data and analysis.
  • Commitment to protecting sensitive information, speaking up about risks, and operating with integrity.
  • Demonstrated ability to run an end-to-end vulnerability intelligence workflow for a high-profile CVE, from initial awareness through intelligence collection, environmental relevance scoping, contextual scoring, and tailored outputs for executive and technical stakeholders.
  • Strong judgment in risk-based prioritization beyond CVSS, including the ability to weigh EPSS, CISA KEV status, active exploitation, exploit maturity, asset criticality, internet exposure, and compensating controls to assign and defend a GM-specific priority.
  • Ability to assess exploitability when public information is incomplete by reasoning through attack complexity, required privileges, user interaction, environmental preconditions, and the effectiveness of the control stack, then updating recommendations as PoCs and tooling emerge.
  • Experience mapping newly disclosed vulnerabilities to complex enterprise environments spanning multiple operating systems, cloud platforms, infrastructure, and third-party products using CMDB, scanner outputs, SBOMs, cloud inventories.
  • Strong written and verbal communication skills for producing high-quality vulnerability briefs that clearly summarize impact, affected assets, exploit likelihood, recommended actions, and remediation timelines for different audiences.
  • Experience designing or improving a vulnerability intelligence pipeline, including source ingestion, normalization, deduplication, enrichment with internal context, scoring, and publishing into tickets, dashboards, SOC workflows, and leadership updates.
  • Proven ability to respond to high-impact 0-days in critical third-party products by rapidly validating noisy intelligence, scoping exposure, recommending interim mitigations, and structuring updates during the first 24 to 72 hours.
  • Ability to reconcile conflicting vulnerability data across vendors, scanners, commercial feeds, internal observations, document rationale, and establish a defensible environment-specific rating.
  • Experience defining and using leadership metrics and dashboards that combine scanner, CMDB, ticketing, and threat-intelligence data to track remediation urgency, business exposure, and time-to-remediate.
  • Strong partnership skills with SOC and incident response teams to translate vulnerability intelligence into targeted detection, containment, remediation, and post-incident scoring improvements.
  • Technical depth to interpret exploit code, TTPs, and attacker tradecraft when needed, and adjust recommendations when practical exploitability differs from initial assumptions.
  • Knowledge of the regulatory landscape and intricacies related to industry cybersecurity standards and best practices (examples include: NIST CSF, SSDF, NIST 800-53, ISO 270001/2, ISO/IEC 15.x.x, NHTSA Best Practices, ISO/SAE 21434, SOC2, etc) and state privacy laws
  • Experience with policy/standard process creation and acceptance


What Will Give You A Competitive Edge (Preferred Qualifications):
  • Experience in large-scale enterprise, automotive, manufacturing, mobility, or regulated environments.
  • Relevant certifications such as CISSP, CISM, CCSP, GIAC, AWS Security, Azure Security, or equivalent.
  • Experience with cloud platforms, DevSecOps, security automation, detection engineering, threat modeling, incident response, or vulnerability remediation.
  • Experience influencing strategy, operating models, and process improvements beyond an immediate team or project scope.
  • Expertise in managing and leading complex projects and assignments with a high degree of autonomy, confidentiality, and accountability for results
  • Ability to work independently with minimal supervision
  • Operate with high level of time management and prioritization skills.
  • Must be comfortable working with and at times, managing Senior Leaders and Executives within the organization
  • A proven & successful track record in navigating cross functional teams to achieve desired results in a highly matrixed organization.
  • Hands-on Linux and Windows security administration experience


#LI-SB3
GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc).This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week {or other frequency dictated by their manager}.This job may be eligible for relocation benefits.

About General Motors

General Motors Company engages in the manufacture and sale of cars and trucks in the United States, China, Brazil, Germany, the United Kingdom, Canada, and Italy. It offers sedans, crossovers, sport utility vehicles, pick-up trucks, coupes, sports/convertibles and hybrid vehicles, hatchbacks/wagons, and vans, as well as mini cars in India. The company also provides parts and accessories, such as iPod and MP3 compatibility, mobility accessories, performance parts, AC parts and services, and merchandise. In addition, it offers vehicle safety, security, and information services. The company provides used vehicles. It offers its products through dealers and distributors. General Motors Company was formerly known as NGMCO, Inc. and changed its name to General Motors Company in July 2009. The company was incorporated in 2009 and is based in Detroit, Michigan. It operates manufacturing facilities in India, the United States, and Canada. General Motors Company operates as a subsidiary of the United States Department of The Treasury. General Motors led global vehicle sales for 77 consecutive years from 1931 through 2007, longer than any other automaker, and is currently among the world's largest automakers by vehicle unit sales. General Motors acts in most countries outside the USA via wholly-owned subsidiaries but operates in China through 10 joint ventures. GM's OnStar subsidiary provides vehicle safety, security, and information services. In 2009, General Motors shed several brands, closing Saturn, Pontiac, and Hummer, and emerged from a government-backed Chapter 11 reorganization. In 2010, GM made an initial public offering IPOs to date and returned to profitability later that year.

General Motors Careers

Join the dynamic team at General Motors, a global leader in automotive innovation and technology. At General Motors, we offer unparalleled job opportunities that propel your career forward while contributing to a legacy of engineering excellence.

Work You’ll Do

Embark on a career with General Motors to drive the future of mobility. Our team is dedicated to redefining the automotive landscape through innovation and leadership in electric vehicles and sustainable solutions. By joining us, you will be part of a culture that values diversity, teamwork, and continuous professional growth.

Transform Your Career

General Motors is not just a company; it's a community where you can grow your skills alongside the best in the industry. Our leadership is committed to providing every employee—from interns to senior professionals—with opportunities for career advancement, leadership development, and diversity training.

Innovate and Lead

At General Motors, innovation is at the core of everything we do. From research and development to manufacturing, our teams work collaboratively to lead the industry with cutting-edge technologies and sustainable practices. We encourage our employees to think big and push the boundaries of what’s possible.

Join Our Global Team

As part of our global workforce, you will collaborate with talented individuals who are passionate about shaping the future of transportation. General Motors offers a variety of career paths in engineering, design, IT, marketing, and more. With over 155,000 employees worldwide, our network provides expansive opportunities for networking and professional development.

Internship Programs and Employment Benefits

Start your career journey with a General Motors internship, where you can apply your academic knowledge to real-world projects. Our internships provide a robust foundation in the automotive industry, with mentorship from experienced leaders. Full-time employees enjoy a wealth of benefits, including comprehensive health care, retirement plans, and performance bonuses, ensuring that your hard work is rewarded.

Explore Job Opportunities

Whether you’re a seasoned professional or a recent graduate, General Motors offers positions that leverage your unique skills. Our hiring process is designed to identify and nurture talent, focusing on aligning your capabilities with the right opportunities for growth within the company.

Stay Connected

Join Our Team Search open positions that match your skills and interests. At General Motors, we look for innovative, driven, and solution-oriented team players. Explore the possibilities that await you in a career at General Motors.

Keep Up to Date

Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who drive success at General Motors.

Job Alert Emails

Customize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities available at General Motors. Embark on a journey of growth, innovation, and leadership at General Motors. Shape your future in an environment that fosters diversity, learning, and the pursuit of excellence. Join us and redefine the roads of tomorrow.
Learn more about General Motors
Size
157,000 employees
Market Cap
$46.9 billion
Industry
Manufacturing & Automotive
Net Income
$6.4 billion
Founded
1908
5 Year Trend
-3.2%
Revenue
$122.4 billion
NASDAQ
GM
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at General Motors

More Information Technology Jobs

Find similar Senior Cybersecurity Vulnerability Management Engineer jobs:

NationwideWarren, MI