The Role:
You will strengthen GM’s software security posture by building and operating automated controls and validations integrated into CI/CD and development workflows. You may specialize in one or more areas—such as static analysis (SAST), dynamic and API testing (DAST/API), container/cloud‑native security, or software supply chain security—but the core of the role is the same: reduce risk through high‑quality automation, targeted validation, and actionable guidance for engineering teams.
What You'll Do (Responsibilities):
- Build and maintain automated security checks and validations in CI/CD (e.g., code and secret scanning, API/spec validation, dynamic testing, image/IaC scanning, dependency/SBOM signals); continuously improve precision and developer experience.
- Validate risk with targeted manual review where automation is insufficient; produce clear, reproducible findings with severity, impact, and pragmatic remediation; confirm fixes and risk reduction.
- Partner with product, platform, and cloud teams to embed secure‑by‑design patterns, guardrails, and reference guidance that prevent recurring issues and streamline remediation.
- Measure and improve outcomes (coverage, false‑positive rate, mean‑time‑to‑remediate); tune policies and workflows to focus effort on the highest‑value risks.
- Contribute domain expertise in one or more lanes:
  - SAST and code security
  - DAST/API testing and runtime validation
  - Container/cloud‑native security and runtime policies
  - Software supply chain (dependency governance, SBOM, provenance/attestation)
Your Skills & Abilities (Required Qualifications):
- 2+ years of hands‑on experience in application security, security assurance, vulnerability management, or related domains
- Working knowledge of common vulnerability classes and secure coding practices (e.g., OWASP Top 10; familiarity with CWE/CVE concepts)
- Experience integrating security checks into build/release workflows and using scripting/automation to scale (e.g., Python, shell, or similar)
People Skills:
- Strong analytical and communication skills; able to translate complex issues into clear, actionable guidance for both technical and non‑technical audiences
- High level of integrity handling confidential and sensitive information; ability to manage multiple priorities with minimal supervision
What Will Give You A Competitive Edge (Preferred Qualifications):
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology or related discipline
- Prior experience specializing in one or more areas: SAST, DAST/API, container/cloud‑native security, or software supply chain security
- Experience building repeatable, developer‑friendly automations and policies in large engineering environments
- Relevant certifications (e.g. Security+, CSSLP, GIAC, or equivalent)
- Familiarity with modern cloud platforms, infrastructure‑as‑code, and CI/CD design patterns