Why GMF Cybersecurity?
Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.
Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.
Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.
This position will be posted until filled.
About the role
This role serves as the senior subject matter expert for cloud incident response across Microsoft Azure and Microsoft 365. You will lead high‑impact investigations, mentor responders, and continuously improve the speed, quality, and repeatability of cloud incident response operations. This position is ideal for an experienced cloud security engineer, architect, or incident responder who thrives in complex investigations and wants to shape how cloud response is done at scale.
In this role you will:
- Lead Azure and Microsoft 365 security investigations, including identity compromise, privilege escalation, persistence, data exfiltration, and abuse of cloud services
- Act as the senior escalation point for complex cloud investigations, providing investigative direction and response strategy
- Perform investigations using Azure Activity Logs, Entra ID logs, Microsoft 365 Unified Audit Log, Defender telemetry, and related forensic artifacts
- Develop and standardize cloud‑specific incident response playbooks to improve consistency and efficiency
- Stay current with evolving attack techniques and security technologies to design, build, and continuously refine cloud detections and alerts across Azure and Microsoft 365
- Participate in an on‑call rotation as needed to support timely response to security incidents outside of standard business hours
What makes You an ideal candidate?
Knowledge and Skills
- Extensive hands‑on experience responding to security incidents in Microsoft Azure and/or Microsoft 365
- Strong understanding of Azure tenant and subscription architecture, Entra ID identity models, roles, conditional access, and privilege management
- Deep familiarity with cloud logging, telemetry sources, and forensic artifacts, including what is available, how it is acquired, and how attackers attempt to evade it
- Advanced experience writing and optimizing KQL queries for investigation and threat hunting across Defender data sources
- Ability to use Graph API, PowerShell, and automation to acquire evidence, investigate at scale, and accelerate response actions
- Demonstrate strong familiarity with cloud security platforms such as Microsoft Defender and Wiz
- Strong knowledge of the NIST Incident Response Life Cycle and the MITRE ATT&CK Framework
- Experience translating investigations into repeatable response processes, documentation, and improvement opportunities for detection and prevention.
- Background in cloud security engineering or architecture or prior senior‑level incident response experience with significant cloud exposure.
- Demonstrated ability to communicate across multiple levels of stakeholders
- Ability to document and summarize technical evidence and findings
Good interpersonal, verbal, and written communication skills across various mediums
Ability to exercise prudent judgment and offer knowledgeable recommendations
Education & Work Experience
- High School Diploma or equivalent required
- Bachelor’s Degree in related field or equivalent work experience strongly preferred
- 3-5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
- 3-5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred
Licenses and Certifications
- One or more security related certifications, such as CISSP, CCNP-Security, GIAC, CEH, or CPTS highly preferred
What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
Our Culture: Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.
Compensation: Competitive pay and bonus eligibility.
Work Life Balance: Flexible hybrid work environment, 4-days a week in office.
NOTE: We are unable to consider candidates who require visa sponsorship for this position
This position is not open to agency submissions
#GMFJobs
#LI-ST1
#LI-Hybrid
Similar Jobs
What you need to know about the Austin Tech Scene
Key Facts About Austin Tech
- Number of Tech Workers: 180,500; 13.7% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Dell, IBM, AMD, Apple, Alphabet
- Key Industries: Artificial intelligence, hardware, cloud computing, software, healthtech
- Funding Landscape: $4.5 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Live Oak Ventures, Austin Ventures, Hinge Capital, Gigafund, KdT Ventures, Next Coast Ventures, Silverton Partners
- Research Centers and Universities: University of Texas, Southwestern University, Texas State University, Center for Complex Quantum Systems, Oden Institute for Computational Engineering and Sciences, Texas Advanced Computing Center
