Staff Cyber Detection Incident Analyst - Security Operations
Description
The Role
GM’s Cybersecurity Team safeguards the company’s global information assets, networks, and infrastructure. Our mission is to proactively defend GM against evolving cyber threats through strategic leadership, technical excellence, and innovative risk management. We seek cybersecurity professionals with advanced expertise, capable of driving enterprise security initiatives and influencing organizational resilience.
As a Staff Cyber Detection Incident Analyst on GM’s Security Operations team, you will serve as a technical leader responsible for designing and advancing the enterprise’s cyber detection strategy across a global, hybrid environment. You will leverage deep expertise in endpoint, network, identity, cloud, application, SaaS telemetry and product data to identify advanced threats, improve visibility, and enhance the detection ecosystems that protect GM’s critical assets.
In this role, you will lead complex investigations, architect and optimize detection logic across SIEM, EDR, NDR, SOAR, cloud-native platforms and products, and integrate intelligence-driven analytics that raise GM’s defensive maturity. You will work cross-functionally with engineering, cloud, response, identity, application, and threat intelligence teams to evolve detection architecture, strengthen observability, and ensure GM maintains resilient, scalable, and modernized detection capabilities.
This position requires exceptional technical depth, the ability to drive detection roadmaps, influence enterprise tooling strategy, and mentor peers. You will help integrate emerging technologies—including large-scale analytics, automation, and AI—to reduce operational friction, accelerate threat detection, and elevate the maturity of GM’s global security operations.
What You'll Do
Serve as a senior technical authority for cyber detection, providing architectural guidance and leadership across SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms.
Lead deep-dive investigations and expert-level triage of complex security events using endpoint, network, identity, cloud, application, and SaaS telemetry.
Drive incident escalation workflows and partner closely with Incident Response, Threat Intelligence, Cloud, Identity, and Engineering teams to ensure rapid and effective containment and remediation.
Conduct advanced, hypothesis-driven threat hunts across on-prem, cloud (Azure, AWS, GCP), SaaS, and identity ecosystems using behavioral analytics, adversary tradecraft, and intelligence-driven methodologies.
Correlate large-scale telemetry to uncover sophisticated attack patterns, stealthy behaviors, and systemic visibility gaps.
Apply expert understanding of OS internals, adversary behaviors, cloud architectures, authentication protocols, and network fundamentals to assess impact and guide detection enhancements.
Integrate threat intelligence—including IOCs, behavioral analytics, and MITRE ATT&CK techniques—into scalable detection logic, analytic frameworks, and hunting practices.
Design, develop, and tune high-fidelity detections across:
SIEM: advanced correlations, anomaly models, enrichment pipelines
EDR/XDR: behavioral rules, event-pattern analytics, custom detections
NDR: network anomalies, lateral movement detection, protocol analysis
SOAR: high-impact automation workflows and enrichment routines
Cloud-native tools: Microsoft Defender, Sentinel, AWS GuardDuty, GCP SCC
SaaS platforms: O365, major IdP/IAM platforms, API telemetry sources
Evaluate emerging detection technologies, research, and analytics capabilities to continuously improve visibility, reduce MTTD, and enhance operational efficiency.
Mentor analysts and engineers, review escalations, provide technical leadership, and drive standardization of detection processes and quality across teams.
Influence detection strategy, tooling decisions, and long-term capability roadmaps across Security Operations and the broader GM security organization.
Participate in the on-call rotation to support 24×7 monitoring and response.
Your Skills & Abilities (Required Qualifications)
Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience.
8+ years of experience in cybersecurity with specialization in detection engineering, SOC operations, incident response, threat hunting, or intrusion detection.
Demonstrated ability to lead complex investigations and drive detection improvements at enterprise scale.
Strong analytical skills with the ability to interpret large, complex datasets and communicate findings to both technical and executive audiences.
Advanced experience with EDR/XDR, SIEM, NDR, identity protection platforms, cloud-native and SaaS security tools.
Experience with vehicle security, embedded systems security, or in-vehicle telemetry.
Experience supporting manufacturing or OT security environments.
Strong understanding of application security, runtime observability, CI/CD pipelines, and API abuse detection techniques.
Hands-on scripting experience (Python, PowerShell, KQL, etc.) to enrich detections and automate investigative workflows.
Deep experience with network security monitoring, packet analysis, and intrusion detection methodologies.
Proven experience detecting and responding to threats in cloud environments (Azure, AWS, GCP).
Demonstrated success mentoring analysts/peers and excellence working effectively in a collaborative team environment.
Expert-level understanding of log analytics, detection engineering principles, behavioral analytics, and adversary TTPs.
What Will Give You a Competitive Edge (Preferred Qualifications)
Industry certifications such as GCIA, GCIH, GCTI, GCTH, AWS/Azure/GCP Security, or equivalent advanced certifications.
10+ years of experience in detection engineering, threat hunting, or advanced security operations.
Experience leading enterprise-scale security initiatives, detection modernization programs, or tooling evaluations.
GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.).
This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week {or other frequency dictated by their manager}.
This job may be eligible for relocation benefits.
About GM
Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.
Why Join Us
We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee to feel they belong to one General Motors team.
Total Rewards | Benefits Overview
From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
Non-Discrimination and Equal Employment Opportunities (U.S.)
General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers.
All employment decisions are made on a non-discriminatory basis without regard to sex, race, color, national origin, citizenship status, religion, age, disability, pregnancy or maternity status, sexual orientation, gender identity, status as a veteran or protected veteran, or any other similarly protected status in accordance with federal, state and local laws.
We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire.
Accommodations
General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us [email protected] or call us at 1-800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.