Cybersecurity Engineer General Motors Financial Arlington, TX

K

Kate

Administrator
Команда форума
Responsibilities

JOB DUTIES
  • Perform software vulnerability scanning and source code analysis using security testing tools and processes used to expose known and undocumented vulnerabilities in various information systems.
  • Conduct source code reviews and software penetration tests to confirm existence of vulnerabilities and communicate findings to support teams for resolution.
  • Develop and utilize vulnerability data analysis and reporting tools.
  • Using strong interpersonal skills to articulate vulnerabilities to technical and not-technical audiences
  • Provide technical understanding of vulnerabilities and exploits using knowledge of coding frameworks and web application infrastructure (Application Servers, Web Servers, APIs, etc).
  • Provide knowledge and support for software and web application migration devices (WAF, API gateways, etc.)
  • Using creative thought, technical understanding of exploits, and attacker behaviors provide additional details on how software is at risk of penetration.
  • Creation of vulnerability reports and metrics to disseminate to groups based on operational hierarchies.
Qualifications

Knowledge
  • Local and wide area networking concepts, principles and protocols
  • Advanced knowledge in Infrastructure design and management
  • Working knowledge of management processes such as personnel administration, planning and budgeting
  • Strong working knowledge of Intel platforms, iSeries and pSeries servers
  • Advanced understanding of IT Service Management (ITSM) best practices and processes
  • Experience with UML Design Tools
  • Advanced knowledge of TCP/IP, OSI model and imp subnetting
  • High level understanding of technology infrastructure, security concepts and platforms
  • Demonstrated success in project management
  • Advanced knowledge of IBM pSeries hardware, operating systems and TSM backup infrastructure
  • Advanced knowledge of the OSI model and security that is associated with each layer
  • Understanding of routing and switching protocols as they relate to load balancing
  • Strong understanding of application layer protocols including HTTP, SSH, SSL and DNS
  • Knowledge and stay abreast on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities
  • Knowledge of IT security processes and controls as well as IT infrastructure and networking technical knowledge
  • Proven expertise developing custom rule sets for tools to identify specific attacks and exploits based on feedback and requirements from business stakeholders including Compliance and Legal Counsel
  • Possess understanding of cloud technologies and concepts
  • Experience securing cloud deployments on common platforms like Microsoft Azure, Amazon Web Services, or Google Cloud Platform
  • Experience with deploying environments by defining infrastructure as code (IaC)
  • Experience with securing container deployments, Kubernetes, managed Kubernetes PaaS services, Agile environments, and DevOps environments
  • Experience with managing infrastructure through CI/CD pipelines
  • Knowledge of Linux operating systems and microservice architecture
  • Background in scripting and automation in widely used languages such as Python, Go, Ruby, etc
  • Detailed knowledge of declarative IaC approaches and immutable infrastructure is a plus
  • Familiarity with Terraform is a plus
Skills
  • Coding in web development
  • Experience in cloud development. CICD or DevOps
  • Ability to think strategically and make collaborative decisions
  • Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact
  • Communicates quickly, clearly, concisely, appropriately and intelligently
  • Foster open communication, speaks with impact, listens to others and writes effectively
  • Experience with alternate management methods using SSH, serial connections and the command-line interface TMSH
  • Ability to effectively negotiate with vendors on upgrades and acquisitions
  • Effective planning, time management, negotiation and delegation skills
  • Expert level IT security processes and controls knowledge as well as IT infrastructure and networking technical knowledge
  • Ability to approach problems with an open-mind and create new and innovative ideas and methods
  • Advanced technical writing
  • Experience in documentation tools such as Visio and Microsoft Office products
  • Advanced information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skills
  • Advanced experience with Network and VLAN segmentation
  • Strong analytical skills
  • Ability to approach problems with an open-mind, use existing information and resources
  • Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods
  • Think positively when faced with obstacles, build on others ideas, think logically and intuitively
  • Detailed oriented
Education
  • Bachelor’s Degree in related field or equivalent work experience strongly preferred
Experience
  • Minimum of 1-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
  • Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
Licenses
  • Cybersecurity related certifications strongly preferred
Working Conditions
  • Normal office environment subject to stressful situations
  • Flexible schedule with possibility of working long hours including weekends/holidays, occasional overtime or split shifts may be required
  • Limited travel may be required to support business needs, including international travel
 
Войдите или зарегистрируйтесь для ответа.
Сверху