Contact Us

Hybrid AVP – Offensive Security

at GM Financial

Visit GM Financial websiteVisit GM Financial LinkedIn

Posted 2 weeks ago

Apply now

About the role

  • Lead offensive security initiatives and penetration testing for GM Financial. Develop strategies to enhance security capabilities against real-world threats.

Responsibilities

  • **About the Role**
  • The **AVP Offensive Security **will lead the planning, execution, and oversight of all offensive security initiatives, including advanced threat simulations, penetration testing, and ethical hacking in both physical and digital environments. Collaborating closely with Cybersecurity peers, this role manages a skilled team that fosters innovation while aligning the team’s operations with business priorities. By proactively developing attack methodologies and addressing real-world adversary tactics targeting enterprise financial services, the AVP strengthens GM Financial’s defenses and ensures the protection of sensitive customer and financial data.
  • In this role, you will:
  • **Strategic Leadership & Program Management**
  • Develop and execute a comprehensive offensive security strategy aligned with the company's business goals and risk appetite
  • Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
  • Collaborate with Cybersecurity peers and partners (i.e. Architecture, Engineering, Operations, Threat Intelligence, and Risk Management) to ensure comprehensive attack coverage and feedback loops
  • Lead and mentor a team of offensive security professionals, fostering a culture of innovation, continuous learning, and excellence
  • Manage the full lifecycle of offensive security engagements, including scope definition, execution, reporting, and remediation tracking
  • Establish and maintain a robust penetration testing program that covers all critical applications, infrastructure, and network components
  • **Technical Execution & Oversight**
  • Oversee and conduct advanced penetration tests on web applications, mobile applications, APIs, network infrastructure, and physical locations
  • Perform vulnerability research and exploit development to identify and test zero-day vulnerabilities in our systems
  • Analyze and interpret complex security data to identify trends, emerging threats, and areas for improvement
  • Stay current with the latest offensive security tools, techniques, and procedures (TTPs) and apply them to our security assessments
  • Conduct Cybersecurity Tabletop exercises and summarize the exercise for senior leadership, including areas of success and opportunities for improvement
  • **Communication & Collaboration**
  • Communicate complex security risks and findings to both technical and non-technical stakeholders across the organization, including senior leadership
  • Integrate the identification and remediation of findings with other Cybersecurity departments, business owners, and information technology partners
  • Deliver detailed post-engagement reports with risk-rated findings, proof of concept artifacts, and remediation guidance
  • Partner with development, IT, Digital, and business teams to ensure security is integrated into the software development lifecycle (SDLC) and business processes
  • Act as a subject matter expert for internal teams on offensive security topics
  • Establish and maintain strong partnerships with key peers and groups to ensure the success of the Offensive Security Team through challenging situations, keeping focus on long-term outcomes and results
  • **Reporting Structure:**
  • Report to: SVP Cybersecurity Architecture & Offensive Security

Requirements

  • **What makes you a dream candidate?**
  • Extensive experience in network and application penetration testing, red and purple teaming, threat emulation and modeling, and attack path development using MITRE ATT&CK
  • Advanced knowledge of internal testing tactics, state-sponsored threat actor techniques, and insider threat behaviors to assess risk from an adversarial perspective
  • Advanced knowledge in securing operating systems, databases, applications, and network protocols, including hands-on experience with Windows, UNIX/Linux, SQL, Oracle, and application source code reviews
  • Proficient with the common commercial and open-source penetration testing and assessment tools (e.g. Metasploit, Burp Suite, Cobalt Strike, Brute Ratel, etc.)
  • Proficient in one or more languages (e.g. Python, Ruby, Perl, Bash, Java, etc.) with experience developing custom exploits
  • Ensure operations align with industry regulations and compliance standards such as NIST, CCPA/CPRA, PIPEDA, LGPD, CFPB, GDPA, FFIEC, NYDFS, etc.
  • Advanced knowledge of cybersecurity technologies, concepts, methodologies, policies, standards, and best practices
  • Excellent interpersonal, written, and verbal communication skills, with the ability to influence senior leaders and employees at all levels.
  • Communicates quickly, clearly, concisely, appropriately, and intelligently
  • Interpersonal skills necessary to work well independently and with others in teams and collaborative work situations
  • Strong leadership skills that include delegation, coaching, training, development, and performance management
  • Organization and prioritization abilities
  • Ability to lead through influence, inspiration, collaboration, and teamwork
  • Ability to apply knowledge, critical thinking, and problem-solving skills in day-to-day problems and solutions
  • Ability to demonstrate integrity while successfully managing work demands, pressure, and dealing with confidential and sensitive information
  • Ability to manage multiple projects and tasks
  • Experience in the financial services or automotive industries is a significant plus
  • Continually pursues personal development
  • **Experience**
  • 12+ years in Cybersecurity or other related fields required
  • 5+ years in a dedicated offensive security role including penetration testing, vulnerability management or ethical hacking required
  • 5+ years of supervisory and/or leadership experience required
  • 5+ years of experience in large and complex business environments with a successful track record of working directly with senior level management required
  • High School Diploma or equivalent required
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Technology, Information Security, Information Assurance, Information Management or equivalent experience required
  • Relevant Cybersecurity certifications are preferred (CISSP, OSCP, OSCE, CRTO, GCTI, GPEN, GWAPT, GXPN, etc.)

Benefits

  • **What We Offer:** Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Job title

AVP – Offensive Security

Job type

Full Time

Experience level

Lead

Salary

Not specified

Degree requirement

Bachelor's Degree

Tech skills

Cyber SecurityJavaLinuxOraclePerlPythonRubySDLCSQLUnix

Location requirements

HybridArlingtonUnited States

Report this job

See something inaccurate? Let us know and we'll update the listing.

Report job

Similar roles

Browse all Security Engineer jobs

Senior Director, Security

RELX

BISO responsible for planning and executing enterprise - wide information security initiatives at Elsevier. Driving cybersecurity awareness and managing technical risk assessments for organizational improvements.

Onsite Role
OxfordUnited KingdomSecurity Engineer