Ubuntu is a community-developed, Linux-based operating system that is published and commercially supported by software development firm Canonical. Like Canonica
Senior Security Operations Engineer
Location
Worldwide
Posted
69 days ago
Salary
0
Seniority
Senior
Job Description
Senior Security Operations Engineer
Canonical
- Provide operational and engineering leadership.
- Implement and evolve Canonical’s Security Operations Center.
- Design and develop security software and platforms.
- Monitor for, identify, respond to, and remediate security incidents.
- Assess and improve Canonical’s security controls.
- Mentor early-career Security Operations engineers.
- Plan and deliver work within Canonical's agile engineering framework.
- Contribute to open source security.
- Publish blog posts, whitepapers and conference presentations.
Job Requirements
- An exceptional academic track record.
- Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path.
- 10+ years of relevant professional experience
- Professional cybersecurity experience, preferably working or leading a Security Operations Center.
- Professional engineering experience.
- An eagerness to contribute to open source security.
- Proficiency in common scripting languages, such as Python and Bash.
- Knowledge of Git, GitOps, Infrastructure-as-Code, and common orchestration platforms (e.g., Kubernetes)
Benefits
- Distributed work environment with twice-yearly team sprints in person
- Personal learning and development budget of USD 2,000 per year
- Annual compensation review
- Recognition rewards
- Annual holiday leave
- Maternity and paternity leave
- Employee Assistance Programme
- Opportunity to travel to new locations to meet colleagues
- Priority Pass, and travel upgrades for long haul company events
More Security Operations Jobs
- Developing and implementing a SIEM solution internally as well as for clients, and/or candidates who have strong experience in assessing and implementing SIEM and other operational tools and processes for a Security Operations Centre (SOC).
- Develop content for a complex and growing SIEM infrastructure. This includes use cases, dashboards, active channels, reports, rules, filters, trends and active lab sessions.
- Use SIEM in the daily operational work, which includes but is not limited to administering, operating and managing the SIEM platform and regular activities of ensuring the health of log sources, parsers, alerts, reports etc., and ensuring that the platform is operating as planned.
- Monitor SIEM and other event sources; assess, prioritize, escalate and manage security alerts.
- Perform analysis of security, network database and application logs, and correlate events and activities to create threat scenarios in order to get ahead of threat actors and reduce exposure.
- Lead the imminent threat/zero-day response function across the environment.
- Translate threat intelligence into actionable security across tools such as firewall, IPS and malware detection across multiple security vendor platforms.
- Track and resolve security incidents at regular intervals, collaborate with other teams on resolution, and suggest areas for improvement.
- Must have some experience building custom connectors/parsers etc. for point devices or IT assets that are not supported out of the box.
- Own and operate the most important security solutions designed to protect the company from cyber threats and attacks.
- Lead in deploying new solutions and technologies to improve the security posture of the company.
- Continuously fine-tune our security solutions to reduce the occurrence of false positive and false negative alerts.
- Working knowledge of and experience with the MITRE framework for cyber adversary tactics and techniques.
- Must have working knowledge of any SIEM solution like QRadar, Sentinel, Splunk, LogRhythm or open source SIEM (Wazuh, ELK).
Senior Director Analyst – Security Operations, Threat Detection, Response, Automation
Gartner
We deliver actionable, objective insight that drives smarter decisions and stronger performance.
- Conduct research and analysis in specific areas of expertise targeting clients’ key initiatives.
- Deliver high-quality, actionable advice through a variety of media.
- Write high-quality, clear, actionable advisory research documents.
- Remain ahead of the curve on developments and issues within these specified areas as well as applicable adjacent areas.
- Articulate and defend assigned topic positions during discussions, while demonstrating openness to reconsidering viewpoints and accepting consensus decisions.
- Respond to client questions, and create materials for and deliver to clients in person, via teleconference, video conference or webinar, and in event presentations.
- Maintain Gartner’s industry leadership reputation by responding to press inquiries.
- Proactively work with the wider sales organization and deliver outstanding sales support to retain and grow the business.
Sr. Security Software Engineer - Security Operations
General Motors
Join us on our journey toward a world with zero crashes, zero emissions, and zero congestion.
Description
The Role
GM's Cybersecurity Team safeguards the company's global information assets, networks, and infrastructure. Our mission is to proactively defend GM against evolving cyber threats through strategic leadership, technical excellence, and innovative risk management. We seek cybersecurity professionals with advanced expertise, capable of driving enterprise security initiatives and influencing organizational resilience.
As a Senior Security Software Engineer, you will design, lead, and deliver secure, scalable integration services that connect our cyber ecosystem (SIEM, EDR, IAM, SSPM, CSPM, ITSM, cloud) and activate AI/LLM capabilities to accelerate detection, response, and risk management. You will drive architecture for critical services, mentor developers, and partner across SecOps, SOC, Platform, and Data teams to ship measurable outcomes.
What You'll Do
- Own architecture & delivery for complex integration services (APIs, microservices, event-driven workflows) with production SLIs/SLOs.
- Build AI-driven workflows (RAG, summarization, classification, agents) that augment investigations, triage, and orchestration.
- Create reusable connectors bridging SIEM/EDR/IAM/SSPM/ITDR/ITSM and cloud telemetry with robust error handling, retries, and DLQs.
- Implement security automation (SOAR-like playbooks) that enrich alerts and trigger deterministic + AI-assisted responses.
- Harden and observe services with CI/CD, automated testing, performance profiling, metrics, and incident runbooks.
- Mentor engineers and lead technical design reviews, coding standards, and reference implementations.
- Translate requirements into clear epics/roadmaps; align stakeholders and deliver on time with quality.
Your Skills & Abilities (Required Qualifications)
- 5-7 years in software security engineering; advanced proficiency in modern programming languages.
- Expert in API development, microservices, event streaming, and idempotent integration patterns.
- Experience deploying software using any modern CI/CD pipeline and automated delivery practices.
- Hands-on with security tooling integrations (e.g., SIEM, EDR, SSPM).
- Proven AI integration experience: LLM agents, embeddings, vector databases, RAG, prompt engineering.
- Cloud proficiency (Azure/AWS/GCP) and IaC (Terraform/Bicep/ARM/CloudFormation).
- Data engineering fluency: ETL/ELT, schema design, normalization/enrichment; formats (JSON, YAML, syslog, STIX/TAXII).
- Excellent cross-functional communication; ability to lead small teams through delivery.
What Will Give You a Competitive Edge (Preferred Qualifications)
- Experience extending vendor SDKs/plugins; contributions to open-source (security/AI).
- Security data modeling (MITRE ATT&CK mappings, entity graphs) and knowledge stores.
- Familiarity with Semantic Kernel/LangChain, feature engineering, or lightweight MLOps.
Compensation
The compensation information is a good faith estimate only. It is based on what a successful applicant might be paid in accordance with applicable state laws. The compensation may not be representative for positions located outside of New York, California, or Washington.
- The expected base compensation for this role is: $125,200 - $158,600. The actual base compensation within the identified range will vary based on factors relevant to the position.
- Bonus Potential: An incentive pay program offers payouts based on company performance, job level, and individual performance.
- Benefits: GM offers a variety of health and wellbeing benefit programs. Benefit options include medical, dental, vision, Health Savings Account, Flexible Spending Accounts, retirement savings plan, sickness and accident benefits, life insurance, paid vacation & holidays.
GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future.
This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.).
This role is categorized as remote. This means the selected candidate may be based anywhere in the country of work and is not expected to report to a GM worksite unless directed by their manager.
About GM
Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.
Why Join Us
We believe we all must make a choice every day - individually and collectively - to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee to feel they belong to one General Motors team.
Total Rewards | Benefits Overview
From day one, we're looking out for your well-being, at work and at home, so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
Non-Discrimination and Equal Employment Opportunities (U.S.)
General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers. All employment decisions are made on a non-discriminatory basis without regard to sex, race, color, national origin, citizenship status, religion, age, disability, pregnancy or maternity status, sexual orientation, gender identity, status as a veteran or protected veteran, or any other similarly protected status in accordance with federal, state and local laws.
We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire.
Accommodations
General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us [email protected] or call us at 1-800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.
- Use KQL for data analysis and development of security logic
- Build security automations with PowerShell and GitHub Actions
- Work closely with security analysts and develop reusable detection patterns
- Optimize CI/CD processes and integrate DevSecOps




