Security Engineer - Application Security

Description Work Arrangement:

This is a Hybrid position. The role will allow employees to work offsite but will also require onsite work based on business needs. The selected candidate will be expected to commute to the innovation center to which they are assigned as their primary GM facility. This position requires an employee to be onsite 1-3 times per week.

About the General Motors Security team

GM's Information Security and Risk Management Team protects and defends the company's information, networks and infrastructure. We are looking for talented Information Security and Risk Management Professionals in the fields of incident response, cyber-intelligence, enterprise security architecture, digital forensics, application security and compliance with the passion and expertise to perform in a complex, global environment amidst today's evolving threat landscape.

About the role

This role supports the activities of the Cyber Defense team which is responsible for protecting against threats and vulnerabilities, detecting, analyzing, and containing attacks on GM's digital information and infrastructure. This role will be responsible for testing the design and effectiveness of security controls of information systems, networks and applications within the GM environment. This role will be required to perform hands-on, technical penetration and ethical hacking tests of all facets of the GM environment.

What You'll Do:

Lead application security functions, developing and driving programmatic efforts to address external, internal, and emerging application security risks throughout the organization.

Conduct security assessments of application, network, and computing architecture before and after applications are deployed in.

Communicate technical application security control concepts to team members, including developers, architects, and managers.

Perform security evaluations, penetration testing, and reviews to identify vulnerabilities and weaknesses.

Serve as the overall API technology expert within Information Services to drive digital transformation through APIs across the enterprise accelerating products and services for our members and employees

Design and implement security solutions for our APIs and applications

Conduct security assessments and audits of API-based and application-based applications

Identify and assess API security and application security risks and vulnerabilities

Integrate API security and application security solutions with existing enterprise security infrastructure

Conduct security testing techniques such as SAST, DAST, and open-source component analysis

Ensure compliance with industry-standard security protocols and technologies such as OAuth, JWT, SSL/TLS, OWASP Top 10, etc

Develop and maintain documentation related to API and application security policies and procedures

Collaborate with cross-functional teams to implement effective security solutions

Stay up-to-date with the latest security trends, threats, and vulnerabilities

Additional Description Your Skills & Abilities (Required Qualifications)

Bachelor's degree in Information Systems or related field with adequate experience in the field of information security is acceptable.

3-5 years hands-on experience in either: cyber defense, penetration testing, or vulnerability management

Programming experience in Java, C++, Perl or Python

Experience with white-box or gray-box testing

Experience with application security source code reviews

Advanced knowledge of operating system and database security (Windows, Unix, Linux, SQL, and Oracle etc.)

Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols

Hands-on experience with commercial and open-source network and application security testing tools

Demonstrated sound written and verbal communication skills.

Extensive ability to transform technical concepts into usable documented material for non-technical users

Work on multiple projects simultaneously, set priorities and meet deadlines

Work independently and manage workload with organization to meet expectations and objectives.

Absorb, retain and organize information gathered from multiple sources and in a variety of formats.

High level of integrity in dealing with confidential and sensitive information.

What Will Give You A Competitive Edge (Preferred Qualifications)

Master's degree in a relevant field

Experience developing exploits

Obtained certifications in one or more of the following preferred:

CISSP, GIAC, CEH

GM DOES NOT PROVIDE IMMIGRATION-RELATED SPONSORSHIP FOR THIS ROLE. DO NOT APPLY FOR THIS ROLE IF YOU WILL NEED GM IMMIGRATION SPONSORSHIP (e.g., H-1B, TN, STEM OPT, etc.) NOW OR IN THE FUTURE.

About GM

Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.

Why Join Us

We aspire to be the most inclusive company in the world. We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Our Work Appropriately philosophy supports our foundation of inclusion and provides employees the flexibility to work where they can have the greatest impact on achieving our goals, dependent on role needs. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.

Total Rewards Benefits Overview

From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.

Diversity Information

General Motors is committed to being a workplace that is not only free of discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers. We understand and embrace the variety through which people gain experiences whether through professional, personal, educational, or volunteer opportunities. GM is proud to be an equal opportunity employer.

We encourage interested candidates to review the key responsibilities and qualifications and apply for any positions that match your skills and capabilities.

Equal Employment Opportunity Statements

The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity (EEO) Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at [email protected] or call us at 800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.